Page MenuHomePhabricator
Create Task
Maniphest T291127

MediaWiki session management does not work on split PHP 7.4 and < PHP 7.4 cluster
Closed, ResolvedPublic
Actions

Description

When we upgraded to PHP 7.4 on our first traffic serving server, users were reporting they were being logged out.

This is because http://bugs.php.net/78929 is not backwards compatible.

Can we implement something to make it work?

Details

SubjectRepoBranchLines +/-
Always encode spaces in cookie values as "%20"mediawiki/coreREL1_35+40 -29
Always encode spaces in cookie values as "%20"mediawiki/coreREL1_36+40 -29
Always encode spaces in cookie values as "%20"mediawiki/coreREL1_37+40 -29
Always encode spaces in cookie values as "%20"mediawiki/coremaster+40 -29
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT248925 Make MediaWiki release tarball compatible with PHP 8.0
 ResolvedJdforrester-WMFT300463 Make PHP 8.0 voting on MW master
 ResolvedJdforrester-WMFT313563 Bump lcobucci/jwt & league/uri-components for php8
 ResolvedJdforrester-WMFT313564 Bump onoi/message-reporter in vendor.git to 1.4.2 for php 8 support
 ResolvedJdforrester-WMFT247658 Make Wikimedia Production MediaWiki compatible with PHP 7.4
 Resolved toanT243590 Fix WikibaseDataModel CI for php 7.4
 ResolvedLucas_Werkmeister_WMDET316923 Restore skipped test in ReferenceListTest.php
 ResolvedJoeT318918 Undeploy patch to use old PHP serialization in PHP 7.4
 ResolvedJdforrester-WMFT264168 Drop PHP 7.2 support from Wikibase master branch, once Wikimedia production is on 7.4
 ResolvedLadsgroupT270740 Drop hacky support for doctrine/dbal class renaming
 InvalidNoneT303505 [S] Remove Deprecated methods "serialize" and "unserialize" after php production upgrade to PHP 7.4
 ResolvedReedyT251043 Cleanup css-sanitizer when it only requires PHP >= 7.4
 OpenNoneT166010 The Great Namespaceization Effort
 ResolvedtstarlingT277618 var_dump() on various objects writes gigabytes of data and takes minutes to run
 ResolvedJdforrester-WMFT261872 Drop PHP 7.2 & 7.3 support from MediaWiki master branch, once Wikimedia production is on 7.4
 ResolvedPRODUCTION ERRORLegoktmT293568 PHP Notice: Undefined offset in wikimedia/remex-html when rendering rest.php error page
 ResolvedtstarlingT297667 mysqli/mysqlnd memory leak
 ResolvedJoeT271736 Migrate WMF production from PHP 7.2 to PHP 7.4
 ResolvedPleaseStandT291127 MediaWiki session management does not work on split PHP 7.4 and < PHP 7.4 cluster

Event Timeline

RhinosF1 created this task.Sep 15 2021, 7:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 15 2021, 7:37 PM
RhinosF1 added a project: User-RhinosF1.Sep 15 2021, 7:38 PM
RhinosF1 moved this task from Radar to Miraheze-Linked on the User-RhinosF1 board.
RhinosF1 moved this task from Backlog to MediaWiki core on the PHP 7.3 support board.
RhinosF1 moved this task from Backlog to MediaWiki core on the PHP 7.4 support board.
RhinosF1 added subscribers: taavi, Reception123, Paladox.

https://phabricator.miraheze.org/P445 for errors I collected

RhinosF1 added a parent task: T271736: Migrate WMF production from PHP 7.2 to PHP 7.4.Sep 15 2021, 7:42 PM
RhinosF1 mentioned this in T271736: Migrate WMF production from PHP 7.2 to PHP 7.4.
Michael subscribed.Sep 16 2021, 8:04 AM
taavi added a project: Platform Engineering.Sep 16 2021, 9:07 AM
Daimona subscribed.Sep 16 2021, 4:26 PM
R4356th subscribed.Sep 17 2021, 9:49 AM
Reedy renamed this task from MediaWiki session management does not work on split php7.3 & php7.4 cluster to MediaWiki session management does not work on split PHP 7.4 and < PHP 7.4 cluster.Sep 22 2021, 2:28 PM
Reedy removed a project: MediaWiki-User-login-and-signup.
Reedy subscribed.Sep 22 2021, 3:33 PM

For clarity, is it all users? Or just users with spaces in their usernames?

And what PHP version are you going from (full version) and to (full version)?

RhinosF1 added a comment.Sep 22 2021, 3:38 PM
In T291127#7372112, @Reedy wrote:

For clarity, is it all users? Or just users with spaces in their usernames?

And what PHP version are you going from (full version) and to (full version)?

Debian standard (7.3.29-1~deb10u1 -> 7.4.21) and yes the issue only affects users (so far) with spaces. Not sure if any other characters changed (non-english?)

Lens0021 subscribed.Sep 23 2021, 2:08 AM
gerritbot added a comment.Oct 4 2021, 5:43 AM

Change 725501 had a related patch set uploaded (by PleaseStand; author: PleaseStand):

[mediawiki/core@master] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/725501

gerritbot added a project: Patch-For-Review.Oct 4 2021, 5:43 AM
Reedy added projects: MW-1.35-release, MW-1.36-release, MW-1.37-release.Oct 8 2021, 11:41 PM
Universal_Omega subscribed.Oct 9 2021, 2:12 AM
Reedy merged a task: T243667: Cannot log in when username contains spaces in PHP 7.4: "wrong username or password".Oct 12 2021, 8:11 PM
Reedy added subscribers: alex-mashin, Rainer_Klute, jhsoby-WMNO and 4 others.
gerritbot added a comment.Oct 18 2021, 12:02 AM

Change 725501 merged by jenkins-bot:

[mediawiki/core@master] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/725501

Maintenance_bot removed a project: Patch-For-Review.Oct 18 2021, 12:10 AM
ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.5; 2021-10-19).Oct 18 2021, 1:00 AM
gerritbot added a comment.Oct 18 2021, 6:20 AM

Change 731233 had a related patch set uploaded (by Reedy; author: PleaseStand):

[mediawiki/core@REL1_37] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731233

gerritbot added a project: Patch-For-Review.Oct 18 2021, 6:20 AM

Change 731234 had a related patch set uploaded (by Reedy; author: PleaseStand):

[mediawiki/core@REL1_36] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731234

gerritbot added a comment.Oct 18 2021, 6:21 AM

Change 731235 had a related patch set uploaded (by Reedy; author: PleaseStand):

[mediawiki/core@REL1_35] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731235

gerritbot added a comment.Oct 18 2021, 10:56 AM

Change 731233 merged by jenkins-bot:

[mediawiki/core@REL1_37] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731233

gerritbot added a comment.Oct 18 2021, 10:56 AM

Change 731235 merged by jenkins-bot:

[mediawiki/core@REL1_35] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731235

gerritbot added a comment.Oct 18 2021, 10:57 AM

Change 731234 merged by jenkins-bot:

[mediawiki/core@REL1_36] Always encode spaces in cookie values as \"%20\"

https://gerrit.wikimedia.org/r/731234

Maintenance_bot removed a project: Patch-For-Review.Oct 18 2021, 11:10 AM
Lens0021 unsubscribed.Oct 18 2021, 11:11 AM
ReleaseTaggerBot added projects: MW-1.37-notes, MW-1.35-notes, MW-1.36-notes.Oct 18 2021, 3:00 PM
Reedy closed this task as Resolved.Oct 19 2021, 4:35 PM
Reedy assigned this task to PleaseStand.
RhinosF1 added a comment.Oct 19 2021, 6:05 PM

Patches have been deployed by me but I still couldn't log in on test3.miraheze.org

Reedy added a comment.Oct 19 2021, 9:40 PM
In T291127#7441889, @RhinosF1 wrote:

Patches have been deployed by me but I still couldn't log in on test3.miraheze.org

Noting that means nothing to anyone here.

Any bad cookies will stay bad, those aren't going to be fixed.. They'll have to log out and back in again at least...

RhinosF1 added a comment.Oct 19 2021, 9:55 PM
In T291127#7442598, @Reedy wrote:
In T291127#7441889, @RhinosF1 wrote:

Patches have been deployed by me but I still couldn't log in on test3.miraheze.org

Noting that means nothing to anyone here.

Any bad cookies will stay bad, those aren't going to be fixed.. They'll have to log out and back in again at least...

Tried in incognito so none were there.

Aklapper edited projects, added affects-Miraheze; removed User-RhinosF1.Aug 15 2022, 1:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits