Cradle session expires too fast
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To

Authored By

	Evelien_WMDE
	Nov 3 2023, 11:08 AM

Description

"Now, I am losing the session with Cradle very quickly, causing data loss. For example, I performed OAuth at 2:10 pm and at 2:11 pm the login expired, not creating the item with the data filled in the form. I don't know if this behavior is expected, or if it is configured this way for security reasons. Or even if there is something I can do to overcome the issue and stay connected."

Steps to replicate the issue (include links if applicable):

Log-in: https://web.bdij.com.br/tools/widar/index.php?action=authorize
Fill the form
Click the button "Create new item"

What happens?:

Spinner at the top keeps spinning
No item is created
Press F5 and see that the session is lost, since it appears "Log in to save!" instead of my username

What should have happened instead?:

New item is created
Clear the form once the item is created (I suppose)
Keep connected at least until I close the window

Software version (skip for WMF-hosted wikis like Wikipedia):

MediaWiki 1.39.5
PHP 7.4.33 (apache2handler)
MariaDB 10.5.15-MariaDB-log
ICU 67.1
Pygments 2.11.2
Lua 5.1.5
LilyPond 2.22.0
Elasticsearch 7.10.2

Other information (browser name/version, screenshots, etc.):

Hosted at wikibase.cloud

Patches

Event Timeline

Evelien_WMDE created this task.Nov 3 2023, 11:08 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 3 2023, 11:08 AM

BDIJ updated the task description. (Show Details)Nov 7 2023, 1:52 AM

Evelien_WMDE moved this task from Product prioritized backlog to Ready to Pick Up on the Wikibase Cloud board.Nov 9 2023, 12:10 PM

Fring claimed this task.Jan 3 2024, 3:38 PM

Fring moved this task from Ready to Pick Up to Kanban board Q4 2023 on the Wikibase Cloud board.

Fring edited projects, added Wikibase Cloud (Kanban board Q4 2023); removed Wikibase Cloud.

Fring moved this task from To do to Doing on the Wikibase Cloud (Kanban board Q4 2023) board.

Fring moved this task from Doing to In Review on the Wikibase Cloud (Kanban board Q4 2023) board.Jan 4 2024, 12:30 PM

Fring moved this task from In Review to Doing on the Wikibase Cloud (Kanban board Q4 2023) board.Jan 4 2024, 1:58 PM

It seems the root level widar cookie is set as a session cookie: https://github.com/wbstack/magnustools/blob/785d4965a672a5d9e7b82cc20d3f18186186223d/classes/OAuth.php#L90-L98 when the credentials it maps to are persisted with a Max-Age of 7776000 (a month): https://github.com/wbstack/magnustools/blob/785d4965a672a5d9e7b82cc20d3f18186186223d/classes/OAuth.php#L301

It would probably make sense and align these values, or have the widar cookie expire only slightly earlier so that it cannot map to expired OAuth credentials.

PR in magnustools https://github.com/wbstack/magnustools/pull/8

Fring removed Fring as the assignee of this task.Jan 8 2024, 3:55 PM

Fring moved this task from Doing to In Review on the Wikibase Cloud (Kanban board Q4 2023) board.

Fring subscribed.

dang claimed this task.Jan 11 2024, 11:26 AM

dang removed dang as the assignee of this task.Jan 12 2024, 1:55 PM

dang moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (Kanban board Q4 2023) board.

dang subscribed.

The changes in magnustools now still need to be consumed in widar.

Fring moved this task from Waiting for Deploy to Staging to To do on the Wikibase Cloud (Kanban board Q4 2023) board.Jan 15 2024, 9:28 AM

Fring claimed this task.Jan 29 2024, 9:58 AM

Fring moved this task from To do to Doing on the Wikibase Cloud (Kanban board Q4 2023) board.

The patch in magnustools actually requires a fixup: https://github.com/wbstack/magnustools/pull/9

Fring removed Fring as the assignee of this task.Jan 29 2024, 2:47 PM

Fring moved this task from Doing to In Review on the Wikibase Cloud (Kanban board Q4 2023) board.

dang moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (Kanban board Q4 2023) board.Jan 30 2024, 10:41 AM

PR in Widar https://github.com/wbstack/widar/pull/134

Fring moved this task from Waiting for Deploy to Staging to In Review on the Wikibase Cloud (Kanban board Q4 2023) board.Jan 30 2024, 10:54 AM

Andrew-WMDE claimed this task.Jan 31 2024, 6:48 AM

Fring claimed this task.Jan 31 2024, 10:59 AM

Fring moved this task from In Review to Doing on the Wikibase Cloud (Kanban board Q4 2023) board.

Fring added a subscriber: Andrew-WMDE.

conny-kawohl_WMDE edited projects, added Wikibase Cloud (Kanban board Q1 2024); removed Wikibase Cloud (Kanban board Q4 2023).Feb 5 2024, 8:46 AM

conny-kawohl_WMDE moved this task from To do to Doing on the Wikibase Cloud (Kanban board Q1 2024) board.

Next attempt at getting this fixed https://github.com/wbstack/magnustools/pull/10/files

Fring removed Fring as the assignee of this task.Feb 5 2024, 9:52 AM

Unfortunately another fix in Magnustools is required https://github.com/wbstack/magnustools/pull/12

More fixes https://github.com/wbstack/magnustools/pull/13

Fring claimed this task.Feb 13 2024, 4:11 PM

Tarrow updated the task description. (Show Details)Feb 14 2024, 6:49 PM

Tarrow updated the task description. (Show Details)

Tarrow updated the task description. (Show Details)Feb 21 2024, 11:46 AM

Tarrow updated the task description. (Show Details)

Fring moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (Kanban board Q1 2024) board.Feb 22 2024, 8:59 AM

Fring moved this task from Waiting for Deploy to Staging to Done on the Wikibase Cloud (Kanban board Q1 2024) board.Feb 22 2024, 9:32 AM

Tarrow closed this task as Resolved.Mar 28 2024, 11:51 AM

Cradle session expires too fastClosed, ResolvedPublicBUG REPORTActions

Description

Patches

Event Timeline

Cradle session expires too fast
Closed, ResolvedPublicBUG REPORT
Actions