I've seen the same general type of problem (PHP app that confuses users with no
immediately obvious explanation) happen exactly
twice in a period of 6 years on some of my (non-MediaWiki) apps.
I'm not 100% sure why, and it's so rare that it's _extremely_ hard to be sure,
but my working theory is that by pure random fluke
two session_id strings or two session file names/keys have clashed, resulting in user
identity getting confused.
I recall reading an article in PHP|Architect around a year ago about how you could store
the first parts of the user's IP address +
the usual session_id stuff to lessen the chance of something like this (not eliminate it
however, since you could still have a large
proxy supporting many users, or an especially active subnet, and potentially have the same
thing) + other various tricks to switch
the session_id if it looks like someone is trying to spoof it or if there's an
accidental clash.
As a disclaimer, I have only very superficially scanned some of MediaWiki's session
handling code (so it could already have these
guards, I honestly don't know), but *maybe* it's something like this? That's
my first thought, anyway.
Certainly the number of WP users is much higher, so the chances of clashes happening
presumably are correspondingly greater too.
(i.e. on a long enough time-scale, and with enough permutations, the statistically
improbable becomes probable).
All the best,
Nick.
-----Original Message-----
From: wikitech-l-bounces(a)wikimedia.org
[mailto:wikitech-l-bounces@wikimedia.org]On Behalf Of Pill
Sent: Thursday, 24 August 2006 7:11 AM
To: Wikimedia developers
Subject: Re: [Wikitech-l] Weird block message
Some days ago on de.wp a user reported that he suddenly was logged in as
another user on Wikipedia. That happend on his own desk and in in his
opinion it was not possible that anyone else was at his computer. Maybe this
is associated with this problem? Imagine an anonymous is suddenly an admin
...
--
-- Pill (wiki.pill(a)gmail.com)
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l