Eccentric Flower talk:200906/Administrivia

From Eccentric Flower

Comments on Eccentric Flower:200906/Administrivia

Comment:

Kymmz:

I haven't had to log in since the first time I logged in.

-- 05:33, 6 June 2009 (BST)

Mel:

Me either.

-- 08:23, 6 June 2009 (BST)

Columbina:

MediaWiki's cookie-setting behavior is, to put it charitably, bizarre. I did a couple of tests this morning, which I am describing here for Nonelvis' benefit; I don't know how meaningful they will be for anyone else.

If you log in clean without "remember me" checked, it sets three cookies:

wikidbUserName - expires July 6 (this is based on tests this morning, and the timestamp on it implies "one month from now" is what the code uses.) This contains your user name.

wikidbUserID - same, expires one month from now. This contains your internal ID number in the wiki.

wikidb_session - is a session cookie, expires when you close your browser or something else interrupts session (changing from http: to https: can sometimes do this, as can starting/stopping a VPN). This holds a long magic token of some kind.

Now, log out and clear all eccentricflower.com cookies by hand for a clean test. Log back in and this time check "Remember me." It sets the exact same three cookies with the exact same expirations. The only difference is that it also sets a fourth cookie, wikidbToken - which expires in a month.

Now the first two are only used to fill in blanks (for example, prefilling your user name into the login form). The third only lasts session duration. So is the idea that that token overrides the session cookie somehow, so that instead of only remembering you for session, it remembers you for a month? I don't know. What I do know is that if you log out and log back in WITHOUT clearing out cookies by hand in between, usually that token does not get set. So I log out for some reason, and later I log back in and say "remember me" - doesn't matter, it's only going to remember me for the session.

Also, logging in from a secure URL acts exactly the same way, except all the cookies are marked "For encrypted connections only" - which means as soon as you switch back to http:// from https:// for any reason, you are logged out. Normally this is not a problem because once you switch to https:// you stay there, but it's tripped me up once or twice.

I can't find any settings to override all this madness. I may have to go dig into the actual wiki code.

Meanwhile, I hand you Metawiki's advice:

Regardless of the reason for the logout, the simplest solution to the problem is to check the Remember me box.

-- 16:45, 6 June 2009 (BST)

Retrieved from "http://www.eccentricflower.com/index.php/Eccentric_Flower_talk:200906/Administrivia"
Personal tools
eccentric flower
fiction