On Mon, Oct 10, 2011 at 11:16 AM, Dan Nessett <[email protected]> wrote:
> We have been experiencing problems with MW 1.16.2 related to logged in > users on client machines where the IP address changes. I have looked over > the Bugzilla reports but could not find anything obviously related. > > If a user with a laptop logs into the wiki, puts the laptop to sleep, > moves to a different location and then attempts to continue processing, > the logs show his changes mapped to an IP address (or on one of our wikis > as anonymous), rather than his user name. A simple thought experiment > suggests the cookie presented to the wiki after the laptop move has a > different IP address than the request message. This confuses MW, giving > the user all his permissions (since he is logged in), but not properly > identifying the user's name in the logs. > Session cookies are not tied to IP addresses. Most likely, the session has simply expired -- it won't make a difference whether you come back on a different IP or the same one, expired session data will kill your login. Note that in the case of session expiration, the caching workaround that we perform on logout (setting a 'logged out at time X' cookie) doesn't work, so you may initially see a couple page views that still look like you're logged in. You should not see this confusion on the actual edit page itself -- this won't be cached so should show you that you are not logged out. Consider increasing PHP's session lifetime: http://us2.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime the default is 1440 seconds (24 minutes), meaning that a session which doesn't get touched for 24 minutes may get destroyed during garbage collection. It's also possible that there's something else in your system which introduces an IP-address dependency for sessions, such as the session encryption option in the suhosin plugin with some unsafe configuration options used: http://www.hardened-php.net/suhosin/configuration.html#suhosin.session.checkraddr -- brion _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
