'Re: [opensuse-wiki] Fix for Session Data Lost Error'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-wiki
Subject:    Re: [opensuse-wiki] Fix for Session Data Lost Error
From:       "Matthew Ehle" <mehle () novell ! com>
Date:       2010-08-07 17:48:25
Message-ID: 4C5D4809020000440008283E () sinclair ! provo ! novell ! com
[Download RAW message or body]

> > > > Thomas Schmidt  08/07/10 10:43 AM >>>
> On 08/07/2010 05:56 AM, Matthew Ehle wrote:
> > Hello Everyone,
> > 
> > I have rolled a fix for Bug 619735 to the production wiki.  I have provided \
> > details about the problem and solution there, but here's the short of it: 
> > PHP requires session_start() to be called before any session data can be saved.  \
> > The javascript login only passes login information to iChain and never explicitly \
> > calls the MediaWiki login, where the session_start() function is called.  Thus, \
> > when using the javascript login, no session is started, and no session data is \
> > saved.  Editing a page also calls session_start(), which is why it starts working \
> > after trying it one time. 
> > I added a session_start() call in the automatic iChain login script, and I have \
> > not been able to duplicate the problem on stage since.  As this appears to solve \
> > the problem, I have moved it out to the live wiki.  Please test it out and report \
> > any issues to me.  If I don't hear anything over the weekend, I'll close the bug \
> > out on Monday. 
> > In addition to the fix, the latest deployment also contains the code for email \
> > validation.  It won't do anything until it is provided certain header information \
> > by iChain, which should be set up to do that on Monday morning.
> 
> Cool, thanks Matthew for finding this nasty bug!

No problem!  Looks like I was a little hasty in trying to blame this on your login \
form (I'm assuming that you were involved in its development).  It actually works \
really well, aside from originally sending passwords in plain text ;)

Actually, I think a lot of the random login/session problems that have been reported \
in the forums were because of this long-standing bug.  The javascript login only made \
it more apparent, so it turned out to be quite a good thing!


[Attachment #3 (text/html)]

<html><head><meta http-equiv=Content-Type content="text/html; \
charset=iso-8859-1"><META name="Author" content="Novell GroupWise \
WebAccess"></head><body style='font-family: Tahoma, sans-serif; font-size: 13px; \
'>&gt;&gt;&gt;&gt; Thomas Schmidt &lt;tschmidt@suse.de&gt; 08/07/10 10:43 AM \
&gt;&gt;&gt;<br>&gt;On 08/07/2010 05:56 AM, Matthew Ehle wrote:<br>&gt;&gt; Hello \
Everyone,<br>&gt;&gt; <br>&gt;&gt; I have rolled a fix for Bug 619735 to the \
production wiki.  I have provided details about the problem and solution there, but \
here's the short of it:<br>&gt;&gt; <br>&gt;&gt; PHP requires session_start() to be \
called before any session data can be saved.  The javascript login only passes login \
information to iChain and never explicitly calls the MediaWiki login, where \
the<br>&gt;&gt; session_start() function is called.  Thus, when using the javascript \
login, no session is started, and no session data is saved.  Editing a page also \
calls session_start(), which is why it starts<br>&gt;&gt; working after trying it one \
time.<br>&gt;&gt; <br>&gt;&gt; I added a session_start() call in the automatic iChain \
login script, and I have not been able to duplicate the problem on stage since.  As \
this appears to solve the problem, I have moved it out to the<br>&gt;&gt; live wiki.  \
Please test it out and report any issues to me.  If I don't hear anything over the \
weekend, I'll close the bug out on Monday.<br>&gt;&gt; <br>&gt;&gt; In addition to \
the fix, the latest deployment also contains the code for email validation.  It won't \
do anything until it is provided certain header information by iChain, which should \
be set up to do<br>&gt;&gt; that on Monday morning.<br>&gt;<br>&gt;Cool, thanks \
Matthew for finding this nasty bug!<br><br>No problem!&nbsp; Looks like I was a \
little hasty in trying to blame this on your login form (I'm assuming that you were \
involved in its development).&nbsp; It actually works really well, aside from \
originally sending passwords in plain text ;)<br><br>Actually, I think a lot of the \
random login/session problems that have been reported in the forums were because of \
this long-standing bug.&nbsp; The javascript login only made it more apparent, so it \
turned out to be quite a good thing!<br><br></body></html>


-- 
To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-wiki+help@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic