Page MenuHomePhabricator

"You are centrally logged in." toast on every page view on commons
Closed, ResolvedPublic


Tested on Chrome and Firefox (both desktop, not tested on mobile so far...) and two different computers:
Logged in using the desktop site of some wiki.
Visit, and get a login toast notification with message "Central login
You are centrally logged in. Reload the page to apply your user settings."
If i reload the page, i get the same toast again (and on every other page view).

Maybe related to T88860: Authentication sharing between desktop and mobile Commons is broken ?

Related Objects

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

@kaldari, I'm still not certain what the best way is to detect that a request came to a mobile domain. Everything I've tried feels horribly hacky. But probably better to just get something working for now on WMF sites, and we can generalize it in code review.

I'll try to get something up tomorrow.

The interactions with mobile frontend are turning out to be more complicated than I thought. Can I pair with someone on mobile to work through the patch sometime in the next week?

We sat down on Friday and worked out a way to do this. Patch coming soon I suspect :)!

Yes soon! Should be end of the week at the latest.

Change 219272 had a related patch set uploaded (by CSteipp):
Add detection for mobile domain request

Change 219275 had a related patch set uploaded (by CSteipp):
Autologin for m. domains

Change 219272 merged by jenkins-bot:
Add detection for mobile domain request

@csteipp there is an open question from @phuedx on your patchset

Change 219275 merged by jenkins-bot:
Autologin for m. domains

@csteipp bad news this seems to still be a problem on wmf15 despite the fact that both patches should have been deployed.

It works for me... without javascript.

The issue is ext.centralauth.centralautologin doesn't have logic to add mobile=1 when it constructs the url for loginwiki. Jon and I had briefly talked about loading a different version of that script for mobile using resource loader targets.

@Jdlrobson, yeah, help would be appreciated! I didn't see an obvious, clean way to handle it, but if you have ideas, I'd be happy to review.

Jdlrobson changed the task status from Open to Stalled.Aug 19 2015, 12:23 AM

Change 233091 had a related patch set uploaded (by CSteipp):
Set mobile flag for autologin js

Hmm, I'm wondering if this is already fixed? (I haven't seen such a notification for a long time now), because there is one open change here :) is waiting for feedback from @Krinkle afaik

That patch got a +1. Anything else blocking this "Unbreak now"-priority task?

The patch looks fine (added +1), though it does work around two problems that will remain unsolved:

  • Internal domain variation is not verified. So whenever a new way comes up to view a page, it will result in the same bug again. Curious if this affects Wikipedia Zero, for example. It might make sense to validate the hostname server-side instead of passing mobile=1 which doesn't scale and leaves the same bug to happen if other "mobile" domains appear. It also negatively affects caching proxies and mirrors (which already have this bug for both mobile and desktop origins).
  • Silently attempting to log-in from a any domain where the code runs is fine (that one request isn't a problem), but we should at least validate the domain as part of that request so it doesn't fan-out further then needed.
  • MobileFrontend toast "You've been logged-in,.. reload .." message is displayed regardless of whether the login succeeded. This is the root cause of this bug and will likely happen again in the future.
Jdlrobson changed the task status from Stalled to Open.Jan 8 2016, 10:12 PM

Change 233091 merged by jenkins-bot:
Set mobile flag for autologin js

The original issue seems to be resolved now