Eccentric Flower:200906/Administrivia
From Eccentric Flower
Administrivia
I should note that I am not necessarily getting the behavior you are from this site in all particulars. If you see something (as they say in those ill-advised subway slogans), say something.
For example, I have never once had the "show recent comments" link default to zero entries and zero days - but both Robert and Nonelvis reported that's what they always got. (Is fixed now.)
And Mrissa reported that the site is logging her out so fast that it loses track of her identity while she's in the middle of trying to post a comment, which is definitely not optimal behavior. Is anyone else getting logged out very fast? (It leaves me logged in for hours and hours.) If so: Are you using the secure login? (It's not really required, and it shouldn't make any difference, just a data point.) Do you check "Remember me"? (It actually means "remember me longer," not "remember me forever.") And what browser are you using? (I have tested nothing but Firefox.)
I hate solving problems like these, and in some cases I may not be able to solve them, but I sure can't solve them if I don't know about them. So do speak up.
MediaWiki's cookie-setting behavior is, to put it charitably, bizarre. I did a couple of tests this morning, which I am describing here for Nonelvis' benefit; I don't know how meaningful they will be for anyone else.
If you log in clean without "remember me" checked, it sets three cookies:
wikidbUserName - expires July 6 (this is based on tests this morning, and the timestamp on it implies "one month from now" is what the code uses.) This contains your user name.
wikidbUserID - same, expires one month from now. This contains your internal ID number in the wiki.
wikidb_session - is a session cookie, expires when you close your browser or something else interrupts session (changing from http: to https: can sometimes do this, as can starting/stopping a VPN). This holds a long magic token of some kind.
Now, log out and clear all eccentricflower.com cookies by hand for a clean test. Log back in and this time check "Remember me." It sets the exact same three cookies with the exact same expirations. The only difference is that it also sets a fourth cookie, wikidbToken - which expires in a month.
Now the first two are only used to fill in blanks (for example, prefilling your user name into the login form). The third only lasts session duration. So is the idea that that token overrides the session cookie somehow, so that instead of only remembering you for session, it remembers you for a month? I don't know. What I do know is that if you log out and log back in WITHOUT clearing out cookies by hand in between, usually that token does not get set. So I log out for some reason, and later I log back in and say "remember me" - doesn't matter, it's only going to remember me for the session.
Also, logging in from a secure URL acts exactly the same way, except all the cookies are marked "For encrypted connections only" - which means as soon as you switch back to http:// from https:// for any reason, you are logged out. Normally this is not a problem because once you switch to https:// you stay there, but it's tripped me up once or twice.
I can't find any settings to override all this madness. I may have to go dig into the actual wiki code.
Meanwhile, I hand you Metawiki's advice:
-- 16:45, 6 June 2009 (BST)
Kymmz:
I haven't had to log in since the first time I logged in.
-- 05:33, 6 June 2009 (BST)