[pmwiki-users] session problems

Peter Bowers pbowers at pobox.com
Tue Apr 22 14:17:41 CDT 2014


On Sat, Apr 12, 2014 at 11:32 AM, Petko Yotov <5ko at 5ko.fr> wrote:

> Other than that, apply the usual bug-hunting strategy: disable all
> customizations (simply rename config.php and create a clean clear one) then
> progressively add AuthUser, then all other recipes, and every time test the
> wiki, until you come to a state where the bug appears.


Well, I got around to trying to fix this and I'm stumped.

I renamed config.php and farmconfig.php and I still cannot log in to this
page which has a per-page password attached to it.

I looked at the value of $_SESSION in firefox (working) and in chrome (not
working) and the difference is that firefox has authpw set whereas chrome
does not.

So I looked at the value of $_REQUEST and $_POST at the *very top* of
pmwiki.php.  In firefox (working) I see this:

===(snip)===
aREQUEST=

Array
(
    [n] => Test2.Fey
    [authpw] => Secret
    [userlang] =>
    [__utma] => 40668285.348328946.1397164534.1398017197.1398019354.5
    [__utmz] =>
40668285.1397164534.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    [PHPSESSID] => cd53316c99d3690c99942e7f0850b408
)


aPOST=

Array
(
    [authpw] => Secret

)
===(snip)===

And in Chrome I see this:

===(snip)===
aREQUEST=


Array
(
    [n] => Test2.Fey
    [userlang] => en
    [__utma] => 40668285.38466667.1397209880.1398017149.1398190718.4
    [__utmc] => 40668285
    [__utmz] =>
40668285.1397209880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    [PHPSESSID] => 08228d5e9d3a3393f5352487c73f314f
)


aPOST=


Array
(

)
===(snip)===

In both cases this is after having done ?action=logout and then immediately
entering the password and pressing submit - I'm giving you the tracing from
the page-load immediately upon submitting with the password.  No config.php
or farmconfig.php is active (still renamed to config.php.bak and
farmconfig.php.bak) and, even if they were active they couldn't affect the
value of $_REQUEST or $_POST in pmwiki.php well above where they are
included.

To be clear, this is what my pmwiki.php looks like starting at the very top:

===(snip)===
<?php
echo "aREQUEST=<pre>".print_r($_REQUEST,true)."</pre><br />\n";
echo "aPOST=<pre>".print_r($_POST,true)."</pre><br />\n";
/*
    PmWiki
    Copyright 2001-2014 Patrick R. Michaud
    pmichaud at pobox.com
===(snip)===

Obviously in both firefox and chrome I'm getting the error about the
headers already being sent (due to my tracing), but I don't think that's an
issue at all - the issue is that $_REQUEST doesn't hold the password
expected!  I have confirmed that on my machine IE works and on another
machine both chrome and firefox worked, but on a 3rd machine (remote - I
wasn't able to get a clear answer as to which browser they were using) they
were unable to log in.

Any ideas?

-Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20140422/c90c1ee6/attachment.html>


More information about the pmwiki-users mailing list