00604: Can't authenticate with 2.1 beta2

Summary: Can't authenticate with 2.1 beta2
Created: 2005-11-23 04:42
Status: Closed - fixed in 2.1 beta5
From: floozy?
Priority: 5
Version: 2.1.beta2
OS: FreeBSD/Apache2/PHP 5.0.4


Yesterday evening, my personal Wiki installation was opened in my browser. I updated to 2.1 beta 2, hit F5 in the browser, and everything was fine!

This morning, I wasn't able to login any more. All my pages are password-protected using $DefaultPasswords. There was just a display of the page title, but no password prompt form. I re-uploaded things to make sure everything is there, and also checked the new Site.AuthForm page.

However, doesn't work, still. I noticed that no session-cookie is created (with both IE and FF), so this may be related to the new session-handling? session.cookie_lifetime is set to "until the browser is closed" in my php.ini file, I didn't change this value after the update.

Any advice how to get around this is appreciated, thanks!


Going back to version 2.1 beta1 works fine, so it seems that my troubles are related to changes introduced with 2.1 beta2.

Does it work for you at http://www.pmwiki.org/sandbox/authtest/pmwiki.php ? You can see the configuration file in use at http://www.pmwiki.org/sandbox/authtest/local .

If it doesn't work for you on pmwiki.org, then it's either a PmWiki bug or something about your browser setting.

If it works for you at pmwiki.org but not on your local system, it's likely an issue with PHP session handling on your server.

Either way I'd like to get this problem quashed. :-)

Thanks for taking the trouble and setting up a new sandbox! Your example works fine!

I've also moved my PmWiki installation to my local machine, running WinXP/Apache2/PHP 5.0.4, there's still the same problem.

I'm not using id-based authentication as in your sandbox, but only passwords in my local/config.php file:

        $DefaultPasswords['read']  = crypt('read');

I checked my installation with scripts/authuser.php and the same ids as in your example. This brought up a prompt for username and password, but I wasn't able to login, still (the login form always reappeared). But now there were two cookies: PHPSESSID and author.

I never get any PHP error messages or similar. The session-cookie is never sent to me with my password-only configuration (local XP and remote FreeBSD). I also noticed that the page actions in the upper right corner are never displayed, even if I remove all the passwords (this may not be a separate issue, but only a consequence of the authentication system not working properly?).

Thank you very much for your valuable time in investigation, so far.


My problem has been fixed with 2.1 beta5 (ChangeLog: Fixed bug with read-protected Site.AuthForm, reported by Matt Strauser). I was making some attempts with deletion of Site.AuthForm and I was expecting a falling back to a default prompt, but didn't recall this is same situation as with deletion of Site.EditForm, and instead tried to get into PHP debugging...

Many thanks, Matt and Pm!