| 11 Feb 2021 |
 rundg | Is there a project Canasta meeting now? | 14:07:05 |
 bryandamon | https://meet.google.com/wrq-gjsp-jpz | 14:11:29 |
| 12 Feb 2021 |
 darenwelsh | so the reason I dropped the spreadsheet example in here was that it's an area where I see MediaWiki catering to Wikipedia application and ignoring the real prospect for functionality that would obviously increase enterprise adoption. Whether it's an extension or widget or built into core, the point is that if you really want people who are used to using the typical office tools to use MediaWiki, the software has to evolve to take on these necessary features. Until then these gaps will always cause them to stick with what is comfortable. | 01:26:54 |
 richardheigl | Can please somebody remove mail email adress in ths mwstake blog post please? https://mwstake.org/mwstake/wiki/Blog_Post:53
I don't have edit rights and become spammed. | 10:22:04 |
| bryandamon | Done I think. That ok? | 10:30:05 |
| richardheigl | Looks good!! Thank you! | 10:33:06 |
 hexmode | SSO is kicking my butt. This time, it is double prompts with Chrome for mod_auth_kerb | 17:52:14 |
| hexmode | I try to be faithful to DDG, but Google keeps finding stuff like Why does the basic AUTH box pop up twice in Chrome but not Firefox with spnego SSO | 17:58:50 |
| hexmode | What is weird is that Chrome inherits IE's settings and uses them, but uses them in a completely weird and not always compatible way: Comment 6 on this chromium bug shows that. | 18:31:55 |
| 15 Feb 2021 |
 Robert Vogel | We also had that "double prompting" once. If I remember correctly this was because there were two values in the "Authorization" header and Chrome prompted for each of them individually | 12:35:04 |
| hexmode | osnard83: yes, exactly. | 15:23:55 |
| hexmode | well, not exactly | 15:24:43 |
| hexmode | the first prompt had negotiate headers | 15:25:00 |
| hexmode | * the first response from the server had negotiate headers | 15:25:15 |
| hexmode | the second did not | 15:25:22 |
| hexmode | anyway, the trick was to tell IE that this was a "safe site" | 15:26:00 |
| hexmode | or something. I should not have put safe site in quotes. probably telling it that the site is one that can use credentials with | 15:27:32 |
| hexmode | so, in corporate environment, you have IE settings affecting Chrome's behavior | 15:28:09 |
| 16 Feb 2021 |
| Robert Vogel | Good to know. Thanks! | 09:08:27 |
 justinl | Hey all, is there any easy way to force a logout (invalidate the current login) of a logged-in user? I have a script now for forcing a user to reset their password (setting an old value to user.user_password_expires) but that doesn't impact any current logins. | 21:49:01 |
| hexmode | justinl: changing the cookie prefix will log out all users: https://www.mediawiki.org/wiki/Manual:$wgCookiePrefix | 23:02:27 |
 tgr | that's a rather terrible way of logging people out, all the attacker would have to do is changing the prefix on their end | 23:10:35 |
| tgr | a password reset will log the user out | 23:11:21 |
| tgr | other devices of the user, I mean | 23:11:29 |
| tgr | ...or maybe not if they are logged in via the "remember me" option? I'd have to check. It does reset the session ID for sure. | 23:12:30 |
| tgr | but if you want something more manual, there's a maintenance script conveniently named invalidateUserSessions.php | 23:13:36 |
| tgr | and if you want to do mass logouts, you can change the $wgAuthenticationTokenVersion | 23:15:08 |
| 17 Feb 2021 |
| justinl | @tgr | 10:32:58 |
| justinl | * @tgr hexmode The invalidateUserSessions.php seems to do the trick nicely, esp. since I only want to do it on a per-user basis, though it does throw a warning as well: PHP Warning: curl_multi_setopt(): CURLPIPE_HTTP1 is no longer supported in /PATH/TO/includes/libs/http/MultiHttpClient.php on line 455 | 10:34:30 |
| justinl | * hexmode @tgr The invalidateUserSessions.php seems to do the trick nicely, esp. since I only want to do it on a per-user basis, though it does throw a warning as well: PHP Warning: curl_multi_setopt(): CURLPIPE_HTTP1 is no longer supported in /PATH/TO/includes/libs/http/MultiHttpClient.php on line 455 | 10:34:59 |
