On Tue, 11 Oct 2011 14:37:56 -0700, Brion Vibber wrote: > On Tue, Oct 11, 2011 at 10:17 AM, Dan Nessett <[email protected]> > wrote: > >> Thanks for your reply and for the clarification about sessions not >> associating with IP addresses. However, it seems unlikely that session >> expiration is the problem. >> >> Our wikis require login before users can do anything other than view >> pages. However, when the situation I described previously occurs, the >> user is able to edit pages and do anything else his permissions allow >> when logged in. The problem appears to have something to do with the >> way IP addresses are mapped to user names by the logging logic. That >> is, the session is still active, but when entries are made in the logs, >> the username is replaced either by the IP address of the request or by >> the generic identifier "anonymous" (different behavior on different >> wikis - probably a configuration issue, which I am investigating). >> >> > Ok, my suspicion is on > <https://bugzilla.wikimedia.org/show_bug.cgi?id=28639>, fixed in the > 1.16.5 security release in May: < > http://lists.wikimedia.org/pipermail/mediawiki-announce/2011- May/000098.html >> >> > It looks like there may be some cases where session expiration (or > similar issues) might have left things in a state where the previous > user's permissions got kept but the other info got thrown away. This > would presumably allow edits etc to finish up, while recording them as > not a user id. > > -- brion
I have verified that this problem is fixed in 1.16.5. See comment 19 of bug 32122 (https://bugzilla.wikimedia.org/show_bug.cgi?id=32122). I have closed the bug ticket with a status of resolved/fixed. -- -- Dan Nessett _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
