Aaron Schulz has uploaded a new change for review. https://gerrit.wikimedia.org/r/79351
Change subject: Keep session data accross requests (even client ignores cookies) ...................................................................... Keep session data accross requests (even client ignores cookies) Change-Id: Ie861487ad6768c7f702d107a9f325a2f6635edab --- M api/MWOAuthAPI.setup.php 1 file changed, 13 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth refs/changes/51/79351/1 diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php index 1e57e9a..e661eb8 100644 --- a/api/MWOAuthAPI.setup.php +++ b/api/MWOAuthAPI.setup.php @@ -81,6 +81,8 @@ * @return boolean */ public static function onUserLoadFromSession( User $user, &$result ) { + global $wgMemc; + $user->oAuthSessionData = array(); try { $accesstoken = self::getOAuthAccessToken(); @@ -107,8 +109,17 @@ 'accesstoken' => $accesstoken, 'rights' => MWOAuthUtils::getGrantRights( $access->get( 'grants' ) ), ); - // Setup a session for this OAuth user, so edit tokens work - wfSetupSession(); + // Setup a session for this OAuth user, so edit tokens work. + // Preserve the session ID used so clients can ignore cookies. + $key = wfMemcKey( 'oauthsessionid', $access->get( 'id' ) ); + $sessionId = $wgMemc->get( $key ) ?: MWCryptRand::generateHex( 32, true ); + $wgMemc->set( $key, $sessionId, 3600 ); // create/renew + wfSetupSession( $sessionId ); // create/reuse this "anonymous" session + Hooks::register( 'AfterFinalPageOutput', function( $out ) { + // Just in case, make sure this is not a valid login session for sanity + RequestContext::getMain()->getRequest()->setSessionData( 'wsUserName', null ); + } ); + $result = true; } } catch( ErrorPageError $ex ) { -- To view, visit https://gerrit.wikimedia.org/r/79351 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie861487ad6768c7f702d107a9f325a2f6635edab Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OAuth Gerrit-Branch: master Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits