aboutsummaryrefslogtreecommitdiffstats
path: root/includes/session
Commit message (Collapse)AuthorAgeFilesLines
...
* SessionBackend: skip isUserSessionPrevented check for anonsOri Livneh2016-02-241-2/+3
| | | | | | | | | | For anon requests, the call to SessionManager::isUserSessionPrevented( $this->user->getName() ) is both expensive (because of the need to sanitize the IP) and pointless, because the session-prevention feature is intended for named accounts. So short-circuit the check if the user is not logged in. Change-Id: I17386b97e229b492723b46db1e1ae16fd4b0fc5a
* Revert "Log multiple IPs using the same session or the same user account"Ori Livneh2016-02-231-91/+0
| | | | | | | | This reverts commit f22549a60539c9aa5c5390c8417c984ba8eef5b2. Per T125455#2054194. Bug: T125455 Change-Id: Ic2049381e98586e91974fc5b47d9e857a73414a4
* Merge "Enforce MW_NO_SESSION, add MW_NO_SESSION_HANDLER"jenkins-bot2016-02-222-0/+13
|\
| * Enforce MW_NO_SESSION, add MW_NO_SESSION_HANDLERBrad Jorsch2016-02-222-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an entry point specifies MW_NO_SESSION, actually enforce that by having both SessionManager and PHP's session handling (session_start() and friends) throw exceptions. If an entry point needs the old behavior of using PHP's default session handling (as defined in php.ini), it should define MW_NO_SESSION_HANDLER instead of or in addition to MW_NO_SESSION. This also makes PHPSessionHandler be installed in CLI mode, where it wasn't installed before. Bug: T127233 Change-Id: I2a3db06ee8e44a044096c57a819b5fd5e51c5c5c
* | Fix session store loggingBrad Jorsch2016-02-221-1/+0
|/ | | | | | | | | | Two things were wrong here: 1. SessionManager shouldn't override the configured logger of the underlying store. 2. CachedBagOStuff shouldn't override the configured logger of the backend store on construction. Change-Id: I24ed5a81d5b238a42934a7890dd8d0a9f9bb3b6f
* Merge "SessionManager: Autocreate should use READ_LATEST when necessary"jenkins-bot2016-02-181-1/+3
|\
| * SessionManager: Autocreate should use READ_LATEST when necessaryBrad Jorsch2016-02-181-1/+3
| | | | | | | | | | | | | | | | If we failed to fetch the user ID using the default flags but succeeded with READ_LATEST, we should also be passing READ_LATEST to $user->loadFromId(). Change-Id: If8fc332810c2703773a153760ad076c398a84e4e
* | Do not unauthenticate if autocreation fails due to a raceGergő Tisza2016-02-181-6/+15
|/ | | | | Bug: T70012 Change-Id: I523ee94744ac943ede78af59ab381b65ae26e672
* Convert all array() syntax to []Kunal Mehta2016-02-179-187/+187
| | | | | | | | | | Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
* Merge "CookieSessionProvider: It's persisted if we have a 'Token' cookie"jenkins-bot2016-02-162-3/+1
|\
| * CookieSessionProvider: It's persisted if we have a 'Token' cookieBrad Jorsch2016-02-162-3/+1
| | | | | | | | | | | | | | | | | | | | This aspect of the pre-SessionManager Setup.php code had been overlooked. This also updates an inaccurate doc comment that I happened to notice. Bug: T125313 Change-Id: Id49836086be837012b02885ce5384ae6a4ebc105
* | Session: Implement ArrayAccessBrad Jorsch2016-02-162-5/+44
|/ | | | | | | | | | Now that we dropped support for PHP 5.3.3, we can do this. The behavior of $session['foo'] when that key doesn't already exist is a little unexpected (it implicitly assigns null), but it's the best we can do. Change-Id: Ibef878867d46591a8bf542139a1719dfec3b83ab
* Merge "Log multiple IPs using the same session or the same user account"jenkins-bot2016-02-121-0/+91
|\
| * Log multiple IPs using the same session or the same user accountGergő Tisza2016-02-111-0/+91
| | | | | | | | | | | | | | | | | | As an attempt to detect SessionManager errors that log people into the wrong account, log multiple IPs using the same session, or the same user account. Bug: T125455 Change-Id: I27468a3f6d582d9b46984227b9307dc71190fd6a
* | Merge "SessionProvider::mergeMetadata: Log additional data"jenkins-bot2016-02-113-4/+80
|\ \
| * | SessionProvider::mergeMetadata: Log additional dataBryan Davis2016-02-113-4/+80
| |/ | | | | | | | | | | | | | | | | Add the data values and types to the exception raised when mismatched session data is processed. This is done by passing the old and new values on via a new MetadataMergeException class. The attached data is added to the debug logging context info when caught. Change-Id: If8a7174399289bc284ca1b36052ba515c8857c50
* / Fix invalid key warning in CookieSessionProvider error handling codeGergő Tisza2016-02-111-6/+6
|/ | | | Change-Id: I68172ff5fcd6acaab7ecf298ed4a47f23cb8c9f7
* Merge "PHPSessionHandler: Implement SessionHandlerInterface"jenkins-bot2016-02-101-32/+4
|\
| * PHPSessionHandler: Implement SessionHandlerInterfaceBrad Jorsch2016-02-101-32/+4
| | | | | | | | | | | | Now that support for PHP 5.3 has been dropped, we can do this. Change-Id: If7fa9801194683eea6764e5748157d8a66a616df
* | Merge "Remove unused imports from Session classes"jenkins-bot2016-02-102-6/+0
|\ \
| * | Remove unused imports from Session classesThiemo Mättig2016-02-102-6/+0
| |/ | | | | | | Change-Id: Ia3cdd923728870f5eff0bd90fd2f6605047291c0
* / Remove "$that" from SessionManagerBrad Jorsch2016-02-101-9/+6
|/ | | | | | | Also "function () use ( &$ref )" that was being done for similar reasons. Change-Id: If4ec263a9a9c02c1c6a414b26a0e77ba144437f1
* Merge "Update session log messages"jenkins-bot2016-02-085-70/+239
|\
| * Update session log messagesBryan Davis2016-02-065-70/+239
| | | | | | | | | | | | | | | | * Use PSR-3 templates and context where applicable * Add log coverage for exceptional events Bug: T125452 Change-Id: I8f96fa1c5766c739a21219abcae2dbb76de53e2a
* | Merge "Introduce User::INVALID_TOKEN"jenkins-bot2016-02-081-7/+0
|\ \ | |/ |/|
| * Introduce User::INVALID_TOKENBrad Jorsch2016-02-031-7/+0
| | | | | | | | | | | | | | | | | | | | To avoid having to have SessionManager try to reset sessions on every request, we set the user_token to a special value. When that value is present, User::getToken() returns a different value every time (so existing checks will fail) and User::setToken() refuses to alter it. Bug: T124414 Change-Id: Ie4c84ce993e40a081288cf5a543f8ba99f98806a
* | Merge "Disable automatic cache headers associated with starting a session"jenkins-bot2016-02-042-1/+6
|\ \
| * | Disable automatic cache headers associated with starting a sessionBryan Davis2016-02-032-1/+6
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow up to 7491b52. The 'private, must-revalidate' argument to session_cache_limiter() does not match any expected values for the function. This results in the PHP runtime treating it like the documented empty string argument which completely disables the automatic addition of cache related headers. Change the implementation to use the empty string argument explicitly rather than continuing to rely on the undocumented and potentially confusing existing behavior. session_cache_limiter( '' ) is called unconditionally in MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it is understood that we are disabling the setting of the automatic headers. Bug: T124510 Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35
* / Clean up after Ie161e0fBrad Jorsch2016-02-032-79/+28
|/ | | | | | | | | | | | | | | Ie161e0f was done in a hurry, and so didn't do things in the best ways. This introduces a new "CachedBagOStuff" that transparently handles all the logic that had been copy-pasted all over in Ie161e0f. The differences between CachedBagOStuff and MultiWriteBagOStuff are: * CachedBagOStuff supports only one "backend". * There's a flag for writes to only go to the in-memory cache. * The in-memory cache is always updated. * Locks go to the backend cache (with MultiWriteBagOStuff, it would wind up going to the HashBagOStuff used for the in-memory cache). Change-Id: Iea494729bd2e8c6c5ab8facf4c241232e31e8215
* Revert "Remove SessionManager, temporarily"Brad Jorsch2016-02-0314-0/+4491
| | | | | | This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
* Remove SessionManager, temporarilyBrad Jorsch2016-02-0114-4491/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The plan here is to take it out of 1.27.0-wmf.12 and put it back in 1.27.0-wmf.13. Since BotPasswords depends on SessionManager, that's getting temporarily removed too. This reverts the following commits: * 6acd424e0dbc322e8b9a141bd2625453c1b9b6f1 SessionManager: Notify AuthPlugin before calling hooks * 4d1ad32d8acbd443346253d2f6a95024c833295c Close a loophole in CookieSessionProvider * fcdd643a46d87b677f6cdcc3ba9440e1472d8df7 SessionManager: Don't save non-persisted sessions to backend storage * 058aec4c76129b7ee8541692a8a48f8046e15bb6 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php * b5c0c03bb708f8dad6e404969df8addc123984db SessionManager: Save user name to metadata even if the user doesn't exist locally * 13f2f09a193215aa7a061d10a1955e172d06fa0a SECURITY: Fix User::setToken() call on User::newSystemUser * 305bc75b27903237a9683ec1f329bcbec0ecd266 SessionManager: Don't generate user tokens when checking the tokens * 7c4bd85d2152fd9fa975ea0fb5ffb1a0b804f99b RequestContext::exportSession() should only export persisted session IDs * 296ccfd4a9a6ad3ae412db7e2408c923aaa61f64 SessionManager: Save 'persisted' flag in session metadata * 94ba53f67731b0553a6178841d9506e384f74496 Move CSRF token handling into MediaWiki\Session\Session * 46a565d6b00174e631d2022b47677e1a78e73897 Avoid false "added in both Session and $_SESSION" when value is null * c00d0b5d94c946b8883dd7062bf7160a199aa5c2 Log backtrace for "User::loadFromSession called before the end of Setup.php" * 4eeff5b559e2ae7b8fa1f45572968ba28573a421 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure' * 7491b52f700e220814a8190781fd794b4dd88a20 Call session_cache_limiter() before starting a session * 2c34aeea72471f9a598e67bdbf34bc5f9fb3f0c5 SessionManager: Abstract forceHTTPS cookie setting * 9aa53627a53aabec0273cecf45a86e77927ef406 Ignore auth cookies with value 'deleted' * 43f904b51a746d7f71ea2ab9951c5c98d269765b SessionManager: Kill getPersistedSessionId() * 50c52563528ba3d765c3762211f98d6f3c0e39fd SessionManager: Add SessionBackend::setProviderMetadata() * f640d403154bc0a2b4f6d399582797a9e3bc6fcb SessionManager: Notify AuthPlugin when auto-creating accounts * 70b05d1ac1e859bac2185b246e9b93ec9051e4d8 Add checks of $wgEnableBotPasswords in more places * bfed32eb78b6c720b16bc7ed60153fd2fe257a9e Do not raise a PHP warning when session write fails * 722a7331ad8d98228511f8da38adc7a3c64dd617 Only check LoggedOut timestamp on the user loaded from session * 4f5057b84b36eccd16627a6b29831dfdb4483b02 SessionManager: Change behavior of getSessionById() * 66e82e614e157e39b03d813e71ddf23f53cf640b Fix typo in [[MediaWiki:Botpasswords-editexisting/en]] * f9fd9516d922d36291037baca7205a2b0ac9f15f Add "bot passwords" * d7716f1df0b692902571bf415a0984071e3e9a60 Add missing argument for wfDebugLog * a73c5b7395a07d490f7052fd3b2491ebd656b190 Add SessionManager Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
* SessionManager: Notify AuthPlugin before calling hooksBrad Jorsch2016-02-011-5/+5
| | | | | | | | | | | This avoids a race in CentralAuth: * The user doesn't exist locally, so CA wants to create it * Auto-creation adds the user to the database * A hook function tries to access the session; now the user does exist locally but isn't yet attached, so CA rejects the session. Bug: T125283 Change-Id: I6024885e3cf9c85c527fc160577f66ff97451c98
* Close a loophole in CookieSessionProviderBrad Jorsch2016-01-311-11/+15
| | | | | | | | | | | | | | | | | | There's a crazy-small chance that someone could have a logged-out session (e.g. by logging out or visiting a page that creates a session despite being logged out), then the session expires, then someone else logs in and gets the same session ID (which is about a 1 in a quindecillion chance), then the first person comes in and picks up the second person's session. To avoid that, if there's no UserID cookie set (or the cookie value is 0) then indicate that the SessionInfo is for a logged-out user. No idea if this is actually what happened in T125283, but it's worth fixing anyway. Bug: T125283 Change-Id: I44096c69aa7bd285e4e2472959e8d892200c5f2c
* SECURITY: Fix User::setToken() call on User::newSystemUserGergő Tisza2016-01-291-1/+1
| | | | | | | | | This was supposed to reset the user token but did set it to '1' because User::setToken accepts bool/string but only treats true as bool. Bug: T125161 Change-Id: Ia4196eba92cd4d170a3023db0f540a2972ffad4f
* SessionManager: Don't save non-persisted sessions to backend storageBrad Jorsch2016-01-302-21/+75
| | | | | | | | | This introduces an in-process cache (using a HashBagOStuff) for session data, and only saves to the external cache when the session is persisted. Bug: T125267 Change-Id: Ie161e0f7522cd68515b060ad8cf8c151b7198b0b
* SessionManager: Save user name to metadata even if the user doesn't exist ↵Brad Jorsch2016-01-281-1/+1
| | | | | | | locally Bug: T125133 Change-Id: I12ff84db614f0d5839457aa92be58c62b3a4e8fd
* SessionManager: Don't generate user tokens when checking the tokensBrad Jorsch2016-01-283-4/+4
| | | | | | | | | | | | Looking at the pre-SessionManager token checking, it's apparently valid to log in despite user_token being empty. The stored token just gets compared against the empty string that got returned previously. This also cleans up some checks that assumed $user->getToken() didn't automatically create the token if one wasn't already set. Bug: T125114 Change-Id: Ia3d2382e96e2a0146f33fb7193a2e00ea72e51a0
* Merge "Move CSRF token handling into MediaWiki\Session\Session"jenkins-bot2016-01-282-0/+177
|\
| * Move CSRF token handling into MediaWiki\Session\SessionBrad Jorsch2016-01-272-0/+177
| | | | | | | | | | | | | | User keeps most of its token-related methods because anon edit tokens are special. Login and createaccount tokens are completely moved. Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
* | SessionManager: Save 'persisted' flag in session metadataBrad Jorsch2016-01-272-0/+5
|/ | | | | | | | This allows SessionManager::getSessionById()->isPersisted() to be reliably set. Otherwise it depends on whether the SessionBackend is still loaded or not. Change-Id: I17733559ac5d8fff13881664333f61d36f610b6d
* Avoid false "added in both Session and $_SESSION" when value is nullBrad Jorsch2016-01-261-2/+2
| | | | | | | Needs to use array_key_exists(), not isset(). Bug: T124371 Change-Id: I794f0ec793fc91ec68393443f839cfc8a154613e
* Use $wgSecureCookie to decide whether to actually mark secure cookies as ↵Brad Jorsch2016-01-251-1/+4
| | | | | | | | | | 'secure' The pre-SessionManager code did this, and the change in combination with the API not honoring forceHTTPS led to T124252. Bug: T124252 Change-Id: Ic6a79fbb30491040facd7c200b1f47d6b99ce637
* Call session_cache_limiter() before starting a sessionBryan Davis2016-01-251-0/+1
| | | | | | | | | | | | | | | | | | | Call `session_cache_limiter( 'private, must-revalidate' );` before starting a session to specify the cache control headers that PHP will automatically emit. The calls are wrapped in MediaWiki\quietCall to suppress "headers have already been sent" warnings that may come from PHP. If not called explicitly PHP will default to using the value of the session.cache_limiter ini setting. Some values of that setting will cause PHP to add a "Pragma: no-cache" header to the response. Certain user agents (e.g. Firefox) treat that particular header as a signal to aggressively flush the response from local cache to the point that back button navigation will not work. The value used was present in `wfSetupSession` prior to a73c5b7. Bug: T124510 Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
* SessionManager: Abstract forceHTTPS cookie settingBrad Jorsch2016-01-251-5/+24
| | | | | | | | | | | | | | | This allows CentralAuthSessionProvider to avoid doing craziness like this all the time: Set-Cookie: forceHTTPS=true; path=/; httponly Set-Cookie: forceHTTPS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly Set-Cookie: forceHTTPS=true; path=/; domain=.wikipedia.org; httponly Set-Cookie: forceHTTPS=true; path=/; httponly Set-Cookie: forceHTTPS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly Set-Cookie: forceHTTPS=true; path=/; domain=.wikipedia.org; httponly Bug: T124421 Change-Id: I7e02afd032a246df6850208c26d3447798bc0fc2
* Move avoidance of setting deleted cookies into WebResponseBrad Jorsch2016-01-251-22/+6
| | | | | | | | | | | | | | | There's no reason this should be only in CookieSessionProvider when we're already handling deduplication in WebResponse. Further, this fixes the bug in the existing CookieSessionProvider implementation that a setCookie() followed by a clearCookie() wouldn't actually clear the cookie. This reverts commit 1ce684fcef1ee69ca0921c05081cae47f90939e5. Bug: T124252 Change-Id: I1098d054facacd59f03ebed7c747ec9ff6bf66e7 Depends-On: I61d14bf80fa7c857dec9cffb366dc3f84dbb4faf
* Only delete cookies which are actually setGergő Tisza2016-01-221-6/+22
| | | | | | | | | | Some API clients seem to be confused by cookie deletion. Prevent cookie deletion on the first leg of the API login sequence (for a client with an empty cookie jar) by only emitting deletion headers for cookies which are set in the current request. Bug: T124252 Change-Id: I180e094ea32f951e22adab2ec87d16e5de7cef97
* Ignore auth cookies with value 'deleted'Gergő Tisza2016-01-221-8/+30
| | | | | | | | | | | | | 'deleted' is the value PHP sets when it deletes a cookie (via the Expires/Max-Age headers). Apparently some clients ignore the expiration date and send 'deleted' back; these clients now cannot login due to some slight changes in exactly when cookies are set/deleted during the login process. To keep those clients from breaking, ignore this special value. Bug: T124252 Change-Id: Icd0e1bcd8efe0869da981352763d25e4f8075bf2
* SessionManager: Kill getPersistedSessionId()Brad Jorsch2016-01-222-24/+0
| | | | | | | | | | | | | | It's not guaranteed that loadSessionFromStore() will succeed after whatever alterations the SessionProvider might have made later in the request. So instead, let's make a new global object that stores the SessionId of the persistent session that was loaded during Setup.php, if any. Then we can check that when we need to know whether the session was persisted. Bug: T124468 Change-Id: I1e8e616c83b16aadd86b0a0a40826d40f6e8abe4
* SessionManager: Add SessionBackend::setProviderMetadata()Brad Jorsch2016-01-221-1/+20
| | | | | | | | Providers might need to update their metadata at times other than when they're creating the SessionInfo. Bug: T124409 Change-Id: Ia9d113c93726205de85df65bf85faef74c73c949
* SessionManager: Notify AuthPlugin when auto-creating accountsBrad Jorsch2016-01-211-0/+10
| | | | | Bug: T74791 Change-Id: Iabb44d58a922051ca2d70a052d6c53734a4f8936
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 07:49:50 +0000