| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | Deskana | T75616 Tracking: API/backend issues blocking Wikipedia app development | ||
| Resolved | Anomie | T32788 Allow triggering of user password reset email via the API | ||
| Open | None | T90925 General authentication improvements for MediaWiki | ||
| Resolved | Anomie | T48179 Allow a challenge stage during authentication | ||
| Open | None | T5709 Refactoring to make external authentication and identity systems easier | ||
| Resolved | Tgr | T43201 UserLoadFromSession considered evil | ||
| Resolved | Anomie | T67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook) | ||
| Open | None | T55156 Provide option to force a login session to end within a certain time | ||
| Open | None | T89459 Modernize MediaWiki authentication system (AuthManager) | ||
| Resolved | Anomie | T123451 Deploy SessionManager and bot passwords | ||
| Declined | dduvall | T125143 Blockers to deploying 1.27-wmf.11 | ||
| Resolved | Anomie | T125114 Accounts with user_token not set can't login to wmf.11 ("cookies not set" error) |
Event Timeline
Comment Actions
Should be fixed by https://gerrit.wikimedia.org/r/#/c/267066/.
What's happening here isn't actually cookies. James's account on cawiki somehow has no user_token set, so the token check done by SessionManager was failing because User::getToken() will happily generate a new token every call until that happens to be fixed. The pre-SessionManager code omitted the token check when user_token was unset.