Just to be sure this is in perspective: by default each wiki writes a
separate cookie that is named with the wiki DB name. The collision I
describe below would take place _only_ if, as suggested earlier, wikis were
to use the _same_ user cookie.
-- Joshua
On 3/27/06 5:17 PM, "Joshua Yeidel" <yeidel(a)wsu.edu> wrote:
It's not clear that multiple MediaWikis _can_ share the same user cookie if
you are using the login code as-shipped.
Each wiki has its own user table and its own user tokens. If you log in to
one wiki (say, "W1"), it puts a token in your cookie and writes it in its W1
user table. When you go to another wiki ("W2"), it checks your token from
the cookie and ... doesn't find it in _its_ user table. When the token is
not found, you are not considered to be logged in. So you have to log in to
W2. W2 generates a new token, and writes the token in the cookie. Now
suppose you go back to W1. W1 checks your token from the cookie -- but the
new W2 token isn't in _its_ (W1) user table. So you have to log in again to
W1.
Mashing the code to use the same user table for different wikis is well
beyond _my_ appetite for punishment, but you may feel differently.
If you really want single signon, check out Gregory Szorc's comments earlier
today (as replayed by Matt England):
At 3/25/2006 11:30 AM, Gregory Szorc wrote:
There are multiple ways to implement single sign-on (SSO). The way you
describe, a user goes to a URL, signs in, and gets logged in to other
applications right there and then using HTTP calls on behalf of a
user. This is pretty insecure and a pain to implement. It also doesn't
scale very well.
Another way to implement single sign-on is with a single sign-on server,
which has a single sign-on protocol. When a user logs in to any
application using SSO, they get whisked away to the SSO server. If they
aren't logged in to the server, they get prompted for their
credentials. When they are logged in, they get signed in to the desired
application.
As for SSO servers, I recommend CAS
(http://www.ja-sig.org/products/cas/). It has clients for almost every
language, including PHP, and the protocol is simple enough to create
clients in other languages. I have successfully deployed MediaWiki behind
it. It shouldn't be difficult getting it to work with the other
applications either.
Gregory Szorc
gregory.szorc(a)case.edu
-- Joshua
On 3/24/06 2:18 PM, "Sy Ali" <sy1234(a)gmail.com> wrote:
I've got some issues with multiple wikis timing out and forcing
multiple logins throughout the day. They're all hosted on the same
machine in different subdirectories (for various reasons).
I do recall that there is some functionality to tweak how these wikis
create their cookies.. in theory they could all share the same one.
I'm not sure where to begin looking for the answers so I thought I'd
ask.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
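
The token collision described in the thread, as an added example that is not part of the original messages and is not MediaWiki's login code: a toy model in which each wiki keeps its own user table and tokens. The `Wiki` class, the cookie names and the user "alice" are constructed for illustration.

```python
import secrets


class Wiki:
    """Toy model of one wiki: its own user table and its own tokens."""

    def __init__(self, db_name, shared_cookie_name=None):
        self.db_name = db_name
        # Default: cookie name derived from the DB name (constructed format).
        # Passing shared_cookie_name models wikis forced onto one cookie.
        self.cookie_name = shared_cookie_name or f"{db_name}_token"
        self.user_table = {}  # user -> current token, private to this wiki

    def login(self, user, cookie_jar):
        token = secrets.token_hex(16)
        self.user_table[user] = token
        cookie_jar[self.cookie_name] = token  # replaces a same-named cookie

    def logged_in_user(self, cookie_jar):
        token = cookie_jar.get(self.cookie_name)
        if token is None:
            return None
        for user, stored in self.user_table.items():
            if secrets.compare_digest(stored, token):
                return user
        return None  # token unknown to *this* wiki's user table


def simulate(shared):
    """Log in to W1, then W2, and record who each wiki thinks is logged in."""
    name = "shared_token" if shared else None
    w1, w2 = Wiki("w1db", name), Wiki("w2db", name)
    jar = {}  # the browser's cookies for the host
    trace = []
    w1.login("alice", jar)
    trace.append(("W1 after W1 login", w1.logged_in_user(jar)))
    trace.append(("W2 before W2 login", w2.logged_in_user(jar)))
    w2.login("alice", jar)
    trace.append(("W2 after W2 login", w2.logged_in_user(jar)))
    trace.append(("W1 after W2 login", w1.logged_in_user(jar)))
    return trace


if __name__ == "__main__":
    for shared in (False, True):
        print("shared cookie" if shared else "per-wiki cookies")
        for step, user in simulate(shared):
            print(f"  {step}: {user or 'not logged in'}")
```

With per-wiki cookie names both logins survive side by side; with one shared name, each login invalidates the other wiki's session.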