
Fix Wikimini session expiration
Closed, Resolved (Public)

Description

Fix Wikimini session issues.

This is an issue known since February 2021.

Original report

It's a serious issue, because if the user doesn't check "Keep me logged in", he will always be disconnected when trying to edit an article and get an error (impossible to submit any edit!) :-( Some experienced users are still reporting this issue: https://fr.wikimini.org/wiki/Sp%C3%A9cial:AWCforum/st/id22044
I suggested as a workaround to make this checkbox checked by default. Would it be possible? But this issue needs to be investigated.
Probably related to this, I also get a session failure message when I switch from the visual editor to the wiki editor and then submit an edit. It never works. For this issue, the "checkbox" workaround doesn't help.

Kind regards
Laurent

Steps to reproduce

  1. Log in at https://fr.wikimini.org/wiki/Special:Login
  2. Visit a random page like https://fr.wikimini.org/wiki/Genre_litt%C3%A9raire
  3. Click on Modifier cette page
  4. Click on Modifier le wikicode
  5. You are now logged out!

Thanks to @Ilario for these precise instructions.

Steps to reproduce (newer)

  1. Log in at https://fr.wikimini.org/wiki/Special:Login
  2. Visit a random stock page: https://stock.wikimini.org/wiki/Main_Page
  3. You are now logged out!

Event Timeline

valerio.bozzolan triaged this task as High priority.
valerio.bozzolan created this task.

Uhm. A waterfall of strange things lived here.

I've found that a legacy nonexistent jQuery resource was pointing to Stock wiki, invalidating the whole session with no rational explanation.

Check it out:

[Screenshot: Mozilla Firefox console log]

In short, in wikitext-mode, the page was enqueuing this nonexistent script:

That page was sending this header, causing session invalidation:

Set-Cookie: wikimini_stockwiki_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikimini.org; secure; HttpOnly

For now I've mitigated this by just dropping that nonexistent script:

extensions-external/SelectCategory/SelectCategory_body.php
//                      $wgOut->addScriptFile( "https://stock.wikimini.org/wiki/resources/lib/jquery/jquery.js");

Anyway it seems that normal sessions are broken in Wikimini.
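The comment above describes a response from the Stock wiki deleting a cookie scoped to the whole `.wikimini.org` domain. As an added example (not part of the original task and not Wikimini's or MediaWiki's code), this sketch flags such headers in a capture of responses; the function names and all sample lines except the first header are constructed, and attributing that header to `stock.wikimini.org` follows the comment's description.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def is_deletion(attrs, now=None):
    """True if the cookie is expired on arrival. Max-Age wins over Expires (RFC 6265)."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass  # malformed Max-Age is ignored, fall through to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= (now or datetime.now(timezone.utc))
    return False

def covers(attrs, responding_host, target_host):
    """True if a cookie set by responding_host is also scoped to target_host."""
    domain = attrs.get("domain", "").lstrip(".").lower()
    if not domain:  # host-only cookie: affects the responding host alone
        return responding_host == target_host
    return target_host == domain or target_host.endswith("." + domain)

def cross_host_deletions(responses, login_host):
    """List (host, cookie) pairs where another host deletes a cookie login_host can see."""
    hits = []
    for host, header in responses:
        name, attrs = parse_set_cookie(header)
        if host != login_host and is_deletion(attrs) and covers(attrs, host, login_host):
            hits.append((host, name))
    return hits

# Constructed capture: the first header is the one quoted above, the rest are made up.
SAMPLE = [
    ("stock.wikimini.org", "wikimini_stockwiki_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikimini.org; secure; HttpOnly"),
    ("stock.wikimini.org", "example_local=deleted; Max-Age=0; path=/; secure; HttpOnly"),
    ("fr.wikimini.org", "example_session=abc123; path=/; secure; HttpOnly"),
]
```

Calling `cross_host_deletions(SAMPLE, "fr.wikimini.org")` reports only the domain-wide deletion; the host-only deletion from the same host is not flagged because it cannot reach the login host's cookies.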

valerio.bozzolan renamed this task from Fix Wikimini session issues to Fix Wikimini session expiration. Mar 22 2021, 4:01 PM
valerio.bozzolan updated the task description.

Well, I've applied another workaround:

includes/specialpage/LoginSignupSpecialPage.php
'rememberMe' => [
        // option for saving the user token to a cookie
        'type' => 'check',
        'name' => 'wpRemember',
        'label-message' => $this->msg( 'userlogin-remembermypassword' )
                ->numParams( $expirationDays ),
        'id' => 'wpRemember',
        'default' => true,
],

Note the default to true.

[Screenshot: Wikimini login page]

I'm really interested in discovering if we fix this in the correct way during the upgrade:

Marking as resolved but feel free to reopen if it's not enough.