
Stay logged in doesn’t work, global login doesn’t work on different projects
Closed, Duplicate | Public | BUG REPORT

Description

Neither "stay logged in" nor global login on different projects works.
A few other people and I can’t stay logged in (so we always have to enter our credentials), and I can’t get global login working on different projects.
So, I have global login on any linguistic version of the project where I logged in, but if I go to a different Wikimedia project I’m not logged in anymore.
All since a couple of days ago.

step descriptions

Log out. Log in on it.Wikipedia, open it.Wikinews. No global login on it.wikinews, while I expect to have my account logged in on it.wikinews via CentralAuth. Open en.wikipedia: you have your account logged in!

Close the browser and let the session expire (wait for some time): the preference “stay logged in” doesn’t work and you have to write your credentials again.

Page: Special:Login

Browser: Safari on iOS and iPadOS 13.5

Event Timeline

Part of this issue sounds like T252236, where I describe that newer browser versions severely break CentralAuth, resulting in no global login...

Aklapper changed the task status from Open to Stalled. Jun 27 2020, 9:06 AM
Aklapper edited projects, added MediaWiki-Core-AuthManager; removed SRE.

Hi @Ferdi2005, thanks for taking the time to report this! Unfortunately this Wikimedia Phabricator task lacks some information.
If you have time and can still reproduce the situation: Please add a more complete description to this task. That should be

  • a clear list of exact steps to reproduce the situation, step by step, so that nobody needs to guess or interpret how you performed each step,
  • what happens after performing these steps to reproduce,
  • what you expected to happen instead,
  • a full link to a web address where the issue can be seen,
  • the web browser(s) and web browser version(s) that you tested.

You can edit the task description by clicking Edit Task. Ideally, a good description should allow any other person to follow these steps (without having to interpret steps) and see the same results. Problems that others can reproduce can get fixed faster. Thanks again!

Done... (the one non-deducible thing is the version, and I’m sorry because I didn’t include that in the first place). @Aklapper

Same situation. My global login is not working on different projects. I must always log in on 10 projects for a real "global login", and with A2F enabled it is more difficult.

Browser: Safari on iOS and Mac OSX, updated

@Aklapper every time I must log in to:

  1. Meta, and automatically I was logged in to Commons, Wikidata and Wikispecies
  2. A random Wiktionary, and automatically I was logged in to all Wiktionaries
  3. A random Wikipedia, and automatically I was logged in to all Wikipedias
  4. A random Wikinews, and automatically I was logged in to all Wikinewses
  5. And repeat for all project cases
  • I flag "remember me" every time
  • In "incognito mode" on Mac OSX & Safari I must log in only one time and the system automatically logs me in to every project.

Probably the same issue as T257852: CentralAuth edge login and autologin for some Wikimedia domains broken on mobile, plus Safari preventing JS-based autologin (I think that has been the case for a while).

Close the browser and let the session expire (wait for some time): the preference “stay logged in” doesn’t work and you have to write your credentials again.

On the same wiki where you logged in? That would be unexpected (browsers interfering with cross-project login sadly isn't).

DE2B88D1-1CE5-446C-AE10-920933D64C7C.png (2×1 px, 416 KB)

Mmh, @Tgr, Safari can’t open the page because it doesn’t find the server.

On the same wiki where you logged in? That would be unexpected (browsers interfering with cross-project login sadly isn't).

@Tgr I think it’s because of the forced exit due to security problems that you folks at WMF did two times; I’ll check if it happens without any alert about a security exit.

@Ferdi2005 I doubt it, but if you are willing to test it I can invalidate your session one more time. Also I have collected in T258121: Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout) what information would be useful, in case you can remember it (or reproduce the issue).

This issue seems similar to T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout) except the part about "keep me logged in" not working (which is more surprising; cross-wiki login has always been brittle but the local login should be pretty straightforward).

@Tgr

Schermata 2020-07-17 alle 12.51.37.png (356×945 px, 74 KB)

and this in incognito mode:

Schermata 2020-07-17 alle 12.54.54.png (356×945 px, 74 KB)

But in incognito mode I must log in only one time and the system automatically logs me in to every project.

Thanks. So this is not caused by Chrome's new SameSite enforcement (if you were affected by that, the middle column would be greener).

I can’t open your samesite website... @Tgr

@Ferdi2005: Please be more specific. If there are errors then please always post error messages, and explain *why* you cannot open it. Thanks! :)

I’ve already written that... I copy from the message above: “Safari can’t open the page because it doesn’t find the server.”

Aklapper changed the task status from Stalled to Open. Nov 5 2020, 11:52 AM

Is this still a problem?

Yeah, this is still a problem, but now I can open @Tgr's samesite test, so here it is.

I'm logged in on Wikipedia, for instance, but if I go to Wikiquote I'm not logged in.

Schermata 2020-11-05 alle 13.45.10.png (1×2 px, 313 KB)

I have the same issue with Mozilla Firefox 102.0 (on Ubuntu 20.04.4).
If I log in at https://it.wikipedia.org/ and then navigate to https://commons.wikimedia.org/ I must fill in the login form to enter with my account.
However, the global login works with different language editions of Wikipedia (de.wikipedia, en.wikipedia for example).

Since this was reported in 2020 June and Safari rolled out third-party cookie blocking beginning 2020 March, it was very likely caused by that feature, which is already covered by several other tasks and has been somewhat improved since. So let's close this.