[Bug 32364] New: Logged in status incorrectly displayed after a PHP session timeout

Fri, 11 Nov 2011 11:41:59 -0800 

https://bugzilla.wikimedia.org/show_bug.cgi?id=32364

       Web browser: ---
             Bug #: 32364
           Summary: Logged in status incorrectly displayed after a PHP
                    session timeout
           Product: MediaWiki
           Version: 1.16.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: User login
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


This bug was discovered while working on bug 32122
(https://bugzilla.wikimedia.org/show_bug.cgi?id=32122). In order to reproduce
it reliably, a developer must make the following changes to php.ini (this
should *not* be done on a production machine, since the settings force the PHP
garbage collector to run on every page access).

session.gc_probability = 100
session.gc_divisor     = 100
session.gc_maxlifetime = 60
session.save_path = <some directory writable by httpd>

login (DO NOT CHECK THE "REMEMBER ME" BOX).

Print the contents of the session file (this is most easily accomplished by
deleting all session files before login, which will mean only one session file
exists after login). The session contents will look something like:

wsUserID|i:1;wsToken|s:32:"895091d5eb444a89d6e29b679b4ec8ac";wsUserName|s:9:"WikiSysop";wsLoginToken|N;

+ Wait 60 seconds or more.

Refresh the page.

The login status line will show something like:

<username> My talk My preferences My watchlist My contributions Log out

where <username> indicates the name of the user who logged in. However, the
session file will contain something like:

wsUserID|i:1;wsUserName|s:9:"WikiSysop";

This means the user is actually logged out. So the login status line is
incorrectly displayed. If you refresh the page once again, the login status
line correctly indicates the user is logged out.

In a post to Mediawiki-l
(http://www.mail-archive.com/[email protected]/msg08967.html),
Brion Vibber indicates this problem would be fixed if the enhancement request
in https://bugzilla.wikimedia.org/show_bug.cgi?id=31639 were implemented.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to