SessionBackend::save() results in the session provider unpersisting when the session backend metadata is dirty (which is always true for a new session). This breaks the tombstone mechanism introduced in I3a76b67aa51159ebf0195db15cf7c34e00a64a2e: after the manager refuses to load the tombstoned session, it will create an empty session, and that will unpersist the session ID and log the user out if the session ID was the only thing that kept them logged in.
Saving the session has two effects: the unpersisting (invalid cookies are cleaned up) and saving the session data in in-process cache (but not the real storage). The latter might cause an extra session storage read per unauthenticated request, though in theory it shouldn't as the SessionBackend itself gets cached so a new session lookup only happens for a different WebRequest object. Still, if it becomes a problem, we can just add some sort of explicit cache warming step to empty session creation.
Skipping the unpersisting could mean that invalid (e.g. expired) session cookies stick around and prevent the user from being served from edge cache. But for non-tombstoned requests, as long as there is a syntactically valid session ID and either no user ID or a user ID pointing to a valid user, CookieSessionProvider will return a non-null session info, and SessionManager will reject it and unpersist; and CentralAuthSessionProvider behaves similarly except for the case when there is no local session cookie but there is a global session cookie on the second-level domain. That seems a narrow enough edge case to ignore.
Bug: T299193
Change-Id: Ib34a84d1d3abbce4dcf7433b51abf6e694984c59
MediaWiki
MediaWiki is a free and open-source wiki software package written in PHP. It serves as the platform for Wikipedia and the other Wikimedia projects, used by hundreds of millions of people each month. MediaWiki is localised in over 350 languages and its reliability and robust feature set have earned it a large and vibrant community of third-party users and developers.
MediaWiki is:
- feature-rich and extensible, both on-wiki and with hundreds of extensions;
- scalable and suitable for both small and large sites;
- simple to install, working on most hardware/software combinations; and
- available in your language.
For system requirements, installation, and upgrade details, see the files RELEASE-NOTES, INSTALL, and UPGRADE.
- Ready to get started?
- Looking for the technical manual?
- Seeking help from a person?
- Looking to file a bug report or a feature request?
- Interested in helping out?
MediaWiki is the result of global collaboration and cooperation. The CREDITS file lists technical contributors to the project. The COPYING file explains MediaWiki's copyright and license (GNU General Public License, version 2 or later). Many thanks to the Wikimedia community for testing and suggestions.