I've run into a strange issue whereby logging into a wiki as an externally 
authenticated user from one computer, then logging into the wiki from a second 
computer as the same user (also externally authenticated) will log the user out 
of the wiki on the first computer.  This only happens with users who are 
authenticating externally.  Locally authenticated user accounts (e.g., 
WikiSysop) are fine and can log in from many computers without affecting each 
other.

I think I've tracked it down to the "user_token" field in the User table of the 
database.  It changes for every login of an externally authenticated user.  It 
remains unchanged for local users when they log in.  I believe this is 
invalidating the cookies of the first login by the second login changing the 
value of user_token in the database and thus setting the first logged-in user's 
session to anonymous (from what I could gather reading the User.php code).  My 
understanding is that the user_token is only changed when the user is initially 
created and when the password is reset, but for my externally authenticating 
users it happens at every login.

Has anyone seen this before and if so is there a reasonable fix?  This is 
becoming a nuisance for some of my users who log in to a wiki using the same 
account from two or more machines.

Thanks in advance for any pointers...

-Jim

_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
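
A simplified model of the behaviour described in the message above, added here as an example; it is not MediaWiki's code and not the poster's. Only the `user_token` field name comes from the message. The in-memory user table, the user `jim`, the function names and the `rotate_external_token` switch are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed stand-in for the user table; only "user_token" is named in the message.
users = {
    "WikiSysop": {"external": False, "user_token": secrets.token_hex(16)},
    "jim": {"external": True, "user_token": secrets.token_hex(16)},
}


def login(name, rotate_external_token=True):
    """Return the cookie a browser would hold after a successful login."""
    user = users[name]
    # Hypothesised behaviour: the external-auth path rewrites user_token
    # on every login, while the local path leaves it alone.
    if user["external"] and rotate_external_token:
        user["user_token"] = secrets.token_hex(16)
    return {"name": name, "token": user["user_token"]}


def session_is_valid(cookie):
    """Honour a cookie only while its token matches the stored user_token."""
    user = users.get(cookie["name"])
    if user is None:
        return False
    # Constant-time comparison, as is usual for secret tokens.
    return hmac.compare_digest(cookie["token"], user["user_token"])


def two_machine_check(name, rotate_external_token=True):
    """Log in from machine A, then machine B; report whether each cookie still works."""
    cookie_a = login(name, rotate_external_token)
    cookie_b = login(name, rotate_external_token)
    return session_is_valid(cookie_a), session_is_valid(cookie_b)


if __name__ == "__main__":
    print("local user:         ", two_machine_check("WikiSysop"))
    print("external, rotating: ", two_machine_check("jim"))
    print("external, stable:   ", two_machine_check("jim", rotate_external_token=False))
```

In this model the first machine's cookie fails only when the stored token is rewritten at login, so comparing the `user_token` value in the database before and after a second login is a direct way to confirm or rule out the hypothesis.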
