Author: Bryan.TongMinh
Description:
When using CentralAuth SpecialUserlogin::onCookieRedirectCheck is useless:
- Consider you login without an appropriate session cookie set
- Your login succeeds and you get the appropriate UserId, UserName and session token
- You are then redirected using wpCookieCheck which will trigger a check on your session cookie
- Everything is ok so the UserLoginComplete will trigger
- As there is no proper session attached, $wgUser will contain an anonymous user. CentralAuthHooks::onUserLoginComplete will run on that
- CentralAuth will do undefined stuff and you will get the messsage 'You are now logged in to Meta as "83.81.x.y"'
Version: unspecified
Severity: normal