I installed MediaWiki today on my Pioneer FreedomBox and the install itself was succesful. However, I could not login to MediaWiki. Every login attempt from Firefox (on Ubuntu 18.04) and Safari gave an error message saying (roughly) “login canceled to prevent session hijacking”.
After trying a reinstallation which didn’t help I found the following thread where the same error message was discussed (but here not for the login but when using the password reset button)
One of the solutions mentioned there is to include the following to LocalSettings.php:
(a) $wgMainCacheType = CACHE_ACCEL;
(b) $wgSessionCacheType = CACHE_DB;
While (a) was already included in LocalSettings.php of the FreedomBox MediaWiki installation, (b) was not. After adding (b) now the login works.
Is this a bug? Should I file an issue?
Are there any unwanted consequences (e.g. regarding Security) when adding $wgSessionCacheType = CACHE_DB?
I had the same problem and your solution worked.
@chkmue, Thank you for the analysis and fix. Given that the solution is available and researched a patch should be straight forward. Please open an issue at this seems serious. Let us nominate the bug for targeting for next release too.
Created an issue and prioritized for next release
just wanted to confirm that I ran into the same issue.
second post of my pioneer edition which I got a couple of weeks ago from Olimex (running 19.22).
Network setup at home for testing works fine, got a fixed IP assigned and allt he usual jazz. Also running in DMZ for now. Plugged in directly into my router.
Could get most things going pretty easily, updated the box, installed mediawiki etc. Unfortunately I have a weird issue with Mediawiki:
- app installed just fine
- configured media wiki app to enable private mode and assigned new admin PW
- opened media wiki install via web launcher to /mediawiki/
- tried to login to add more users and set up media wiki via /mediawiki/Special:UserLogin
got the following error message:
Blockquote There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form.
Tried using the user name: admin (as suggested in the app config) and also tried my admin username for the overall freedom box. Same result. Reset PW various times, even to simple stuff like 12345678? but still no change. Always get the same error message upon login.
where can I find/edit the local php files/settings on my freedom box? Please note, I still have the cockpit access white screen issue, so cannot get on there (which was my first thought), to change the files…
I logged in to the freedom via ssh and added the above mentioned entry ($wgSessionCacheType = CACHE_DB;) to the LocalSettings.php file which can be found in the directory /etc/mediawiki/.
I don’t remember if I needed to restart apache or rebooted the freedombox in order for it to take effect.
Hope that helps!
Thank you for the additional info, Chris!
I tried getting in with the vim command (using the new standard Windows 10 SSH). Btw, great website for that command or rather editing files in SSH explained: https://help.dreamhost.com/hc/en-us/articles/115006413028-Creating-and-editing-a-file-via-SSH
Unfortunately I could not open the LocalSettings.php using vim. The error I get is:
-bash: vim: command not found
I then tried using the nano command. It opens up the file, but warns me that the file is unwritable. I can even write the required change into the file, but it will not allow me to save the file.
I am logged in via SSH as my main (and only) admin user of the Freedombox… Any additional help would be much appreciated
Sorry, I should have mentioned that you need to open the file with sudo.
Please try “sudo nano LocalSettings.php”
vim seems not to be installed by default, though vi should be. I didn’t remember that. But nano is fine, too
Thanks for the link about SSH.
thank you the super user helped! Managed to change the file and save it, too!
Sorry fairly good with networks and normal UI, even windows registry and GPO, but really new to command line stuff in UNIX.
I have tried loggin into MediaWiki and can confirm that it now works. The fix can be replicated!
Thank you Chris for the fast and useful help!