Gergő Tisza has uploaded a new change for review.
https://gerrit.wikimedia.org/r/288212
Change subject: Set force-use flag when not using cookies to store the session
ID
......................................................................
Set force-use flag when not using cookies to store the session ID
See core patch I8c6fab2ec for the rationale. This is safe without the
core patch, it just won't fix the bug without it.
Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
(cherry picked from commit 9830069509e183927ba73868bd7adeb72d084937)
---
M api/MWOAuthSessionProvider.php
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/12/288212/1
diff --git a/api/MWOAuthSessionProvider.php b/api/MWOAuthSessionProvider.php
index a6c193a..889d131 100644
--- a/api/MWOAuthSessionProvider.php
+++ b/api/MWOAuthSessionProvider.php
@@ -125,9 +125,11 @@
$wiki,
) ) );
$persisted = false;
+ $forceUse = true;
} else {
$id = $this->getSessionIdFromCookie( $request );
$persisted = $id !== null;
+ $forceUse = false;
}
return new SessionInfo( SessionInfo::MAX_PRIORITY, array(
@@ -135,6 +137,7 @@
'id' => $id,
'userInfo' => UserInfo::newFromUser( $localUser, true ),
'persisted' => $persisted,
+ 'forceUse' => $forceUse,
'metadata' => array(
'key' => $accesstoken->key,
'rights' => \MWGrants::getGrantRights(
$access->get( 'grants' ) ),
--
To view, visit https://gerrit.wikimedia.org/r/288212
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
