Page MenuHomePhabricator

Installer suggests $wgMainCacheType = CACHE_ACCEL, potentially breaking sessions
Open, HighPublic

Description

There have been an increased number of reports of people having problems with sessions on new MediaWiki 1.27 installations or upgrades to 1.27, and the problem is typically that $wgMainCacheType = CACHE_ACCEL, which causes $wgSessionCacheType to also have the value of CACHE_ACCEL. This is causing problems when the cache is not persistent across requests, and MediaWiki will complain about "session hijacking".

The problem here is that the installer itself is setting $wgMainCacheType = CACHE_ACCEL; if it detects it's appropriate, but in this case it should set $wgSessionCacheType to CACHE_DB, to be in the safe side, unless the installer is also able to detect if the main cache is able to store session information.

Ref:

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 2 2016, 7:46 PM

Hi this may be related to T140961 and T140587

Since to use CACHE_ACCEL you need to have one of the caches there like apcu and xcache.

But this should now be fixed in the tasks I linked pending the patch that was cherry picked to REL1_27 being merged.

@Ciencia_Al_Poder would you be able to get the users to try https://gerrit.wikimedia.org/r/#/c/313756/ please?

And if you could reproduce the problem could you also try https://gerrit.wikimedia.org/r/#/c/313756/ please?

That would also explain my problem too using php 5.5+

This was T49162: Installer should not default to CACHE_NONE if CACHE_ACCEL is supported / rMWb3dc2fedc5e3: installer: Choose CACHE_ACCEL as the default if available.

This is causing problems when the cache is not persistent across requests, and MediaWiki will complain about "session hijacking".

Why is CACHE_ACCEL not persistent across requests? That kind of defeats the whole point of APCu...

Paladox added a comment.EditedOct 3 2016, 6:20 AM

@Legoktm apcu support was added yesterday so maybe this is fixed in the support?

@Legoktm apcu support was added yesterday so maybe this is fixed in the support?

No, that's entirely unrelated.

@Legoktm but you said

"Why is CACHE_ACCEL not persistent across requests? That kind of defeats the whole point of APCu..."

But if CACHE_ACCEL wasn't using apcu then it would not work as intended.

@Legoktm but you said
"Why is CACHE_ACCEL not persistent across requests? That kind of defeats the whole point of APCu..."
But if CACHE_ACCEL wasn't using apcu then it would not work as intended.

Paladox, I don't think you understand what the issue here is. If APC(u) wasn't detected, then the installer wouldn't have picked it. APC and APCu are interchangable names in this case.

Maybe we will want to set $wgSessionCacheType to CACHE_DB if we set CACHE_ACCEL?

Oh yep I see now, sorry.

But the apcu support will help users who did pick CACHE_ACCEL manually, to fix the session to. Thanks for explaining

I don't know if they are using APCu or any other opcache detected by MediaWiki.

Also, the problem may happen if the webserver is using multiple threads to handle requests, and different requests (from the same user) reach different threads randomly, so the "persistence" is scoped to a single thread and each request gets completely different cached data.

That's an extract from an IRC conversation from yesterday:

1[18:27:17] <Sloyment> Hi
2[18:30:26] <Sloyment> I have installed MW 1.27.1, and I can�t log in. It says: "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."
3[18:36:48] <Vulpix> Sloyment: if you have set any cache to CACHE_ACCEL in LocalSettings.php, you may need to set $wgSessionCacheType to CACHE_DB
4[18:40:24] <Sloyment> Vulpix: Thanks :-)
5[18:41:39] <Sloyment> But I did not change LocalSettings.php; it was generated automatically with CACHE_ACCEL enabled.
6[18:43:23] <Vulpix> Sloyment: try adding $wgSessionCacheType = CACHE_DB;
7[18:56:48] <Sloyment> Vulpix: Done. It works now. :-) Thank you.

Reedy added a subscriber: Reedy.Oct 3 2016, 11:55 AM

FWIW, APCu isn't an opcode cache. In recent versions of PHP, the opcode cache was pulled out of APC into Zend Opcache, leaving the "userland" caching of APC for storing of other stuff

And I've no idea if the APCu fixes going in help/hinder/do nothing to help this

Anomie added a comment.Oct 3 2016, 2:34 PM

Why is CACHE_ACCEL not persistent across requests?

This is probably the critical question here. The answer may have something to do with the larger infrastructure, e.g. if there's some common webserver+PHP that is hitting a case like this.

Cboltz added a subscriber: Cboltz.Oct 3 2016, 4:59 PM
Paladox added a comment.EditedOct 3 2016, 5:27 PM

Doing this

$wgMainCacheType = CACHE_ACCEL;
$wgSessionCacheType = CACHE_DB;

is still causing the same problem with mw 1.28 wmf 20.

Note: That I also had it set to CACHE_ANYTHING before and that was still causing problems too.

Anomie added a comment.Oct 3 2016, 5:41 PM

Doing this
$wgMainCacheType = CACHE_ACCEL;
$wgSessionCacheType = CACHE_DB;
is still causing the same problem with mw 1.28 wmf 20.

If you're seeing a problem when $wgSessionCacheType = CACHE_DB;, that's a different problem than the problem that is being described here.

Change 313844 had a related patch set uploaded (by Paladox):
Set $wgSessionCacheType to CACHE_DB if CACHE_ACCEL is set

https://gerrit.wikimedia.org/r/313844

@Anomie hi, clearing my cache fixes the problem, but then I carn't keep clearing my cache everytime I want to login into my own wiki, T138168

Since it works in MW 1.26 but broke in 1.27, so between those two releases something broke cache and caused the new session based login system to not work as intended, but it works as intended for Wikimedia since they use varnish and memcache.

Reason I doint want to keep clearing my cache is because I doint want to keep signing into my websites and other websites.

Tgr added a subscriber: Tgr.Oct 3 2016, 6:15 PM

Yeah, we had problems for a while with CACHE_ACCEL not being persistent (e.g. T138072: Persistent login session issue on some wikis (due to XCache not saving data across requests?)). Maybe the installer could just test for that?

In-memory caching is generally superior for sessions compared to a DB, so if we can reliably detect whether CACHE_ACCEL is persistent or not, maybe we could define something like CACHE_PERSISTENT which has a fallback chain of memcached -> accel (if persistent) -> DB?

Note that pre-1.27 sessions were stored in files (or whatever was configured in php.ini) unless $wgSessionsInObjectCache was set, so this issue will hit some sites that upgrade to 1.27 as well, not just fresh installs. If we could come up with some more clever default (non-installer) behavior that can be backported to 1.27, that would be great.

Anomie added a comment.Oct 3 2016, 7:03 PM

@Paladox: If you have $wgSessionCacheType = CACHE_DB; already, it's not the same issue. On this task I don't care what you can do to work around your issue or how inconvenient that is for you because this task is not about your issue. Go discuss your issue on T138168; I'd recommend starting with providing the information requested in T138168#2393690.

Hi yes sorry wrong task to disccuss my problem is.

Change 313844 abandoned by Paladox:
Set $wgSessionCacheType to CACHE_DB if CACHE_ACCEL is set

https://gerrit.wikimedia.org/r/313844

With the backports of rMW61f778256c and rMW14aa034af6 into REL1_27 and REL1_28 the underlying session problem shouldn't happen anymore. Still, may be worth investigating why installer suggests CACHE_ACCEL when it doesn't work

Krinkle triaged this task as High priority.Apr 7 2017, 10:47 PM
Krinkle moved this task from Backlog to libs/objectcache on the MediaWiki-Cache board.
Osnard added a subscriber: Osnard.Nov 22 2017, 6:58 AM
Papaul added a subscriber: Papaul.Wed, Jul 31, 2:32 AM

I am having the same problem. Everything was working fine on my Wiki until this morning when I tried to login i was getting the message below

There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again.
MediaWiki 1.30.0

I had it to

$wgMainCacheType = CACHE_NONE;

when i started to have the issue this morning i set it to

$wgMainCacheType = CACHE_ACCEL;

but still having the same issue

Thanks