Specifically, there was some conflict between the way MediaWiki-extensions-Auth_remoteuser created new sessions on every request instead of using cookies.
I noted that I don't have the same problem with PluggableSSO which relies on MediaWiki-extensions-Pluggable-Auth for much of its plumbing.
Since we need some sort of authentication piece for the LDAP stack (since we're hoping to replace the old monolithic extension) we need to figure out a way to do this.
From what I can see, we have at least the following two options options:
- Fix MediaWiki-extensions-Auth_remoteuser
- Test and review PluggableSSO
(I'm not happy with the session bits that I have in PluggableSSO. I managed to kludge something together, but I don't understand it very well and it hasn't gotten a lot of review.)