https://bugzilla.wikimedia.org/show_bug.cgi?id=37643
--- Comment #5 from Brad Jorsch <[email protected]> 2012-09-28 00:37:40 UTC --- Ok, step by step. 1. Make sure ConfirmEdit is enabled and that it will be using CaptchaSessionStore. 2. Clear your cookies, if necessary. 3. Make an API request to get an edit token, e.g. http://localhost/w/api.php?action=query&titles=Sandbox&prop=info&intoken=edit or http://localhost/w/api.php?action=tokens. Note you will not receive any session cookie from either of these requests. 4. Make an API request to edit a page, which includes at least one new link. For example, http://localhost/w/api.php?action=edit&token=%2B%5C&summary=Test&text=http://www.example.com/&title=Sandbox. You should get back a response with captcha information. You will receive no cookie, even though ConfirmEdit tried to save data in the session. 5. Make another API request, supplying the correct captcha information. For example, if MathCaptcha gave back "3 + 4 = ", you might send http://localhost/w/api.php?action=edit&token=%2B%5C&summary=Test&text=http://www.example.com/&title=Sandbox&captchaid=1234567890&captchaword=7. You will get back another response with a different captcha request, and still no cookie. When using my patch, in step 4 you ''will'' receive a session cookie, so the edit will be able to succeed in step 5. In the much more common case that you already have a session cookie heading into step 4 (e.g. you're logged in), the "session_id() === ''" test in my patchet will be false so nothing much will change. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
