https://bugzilla.wikimedia.org/show_bug.cgi?id=65891
Bug ID: 65891
Summary: Session cookies (and data) being shared between web
services cause issues
Product: Wikimedia Labs
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: Unprioritized
Component: tools
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Web browser: ---
Mobile Platform: ---
As the session id cookie is identical between tools, the first one to save a
session prevents others from doing so because of permissions. If the
permissions allowed it, it would - at best - cause sessions overwriting each
other and at worst leak information and possibly authentication tokens between
tools.
Fixing this requires either
(a) per-tool session.cookie_path so that every tool maintains distinct sessions
or
(b) per-tool session.save_path so that every tool maintains separate session
/data/
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
