Page MenuHomePhabricator
Create Task
Maniphest T124468

CentralAuth is not logging the user into loginwiki anymore
Closed, ResolvedPublic
Actions

Description

The fix for T124409: Logging out immediately logs you back in broke an unstated assumption that the session could always be re-loaded from the original request cookies, which makes the "was a session cookie provided?" check in LoginForm break, which makes it do an extra redirect after login, which makes CentralAuth not do its redirect dance with loginwiki.

This was never really guaranteed anyway, since some extension might have screwed around with the SessionMetadata and SessionCheckInfo hooks to violate the assumption, or some nonce might be valid only for the first load during the request. So the solution is probably to just save whether the session was persistent when it first gets loaded in Setup.php, and use that for the login cookie check instead.

Details

SubjectRepoBranchLines +/-
SessionManager: Kill getPersistedSessionId()mediawiki/coremaster+17 -54
SessionManager: Kill getPersistedSessionId()mediawiki/corewmf/1.27.0-wmf.11+17 -54
Customize query in gerrit

Related Objects
Search...

Event Timeline

Anomie created this task.Jan 22 2016, 7:54 PM
Anomie claimed this task.
Anomie raised the priority of this task from to Needs Triage.
Anomie updated the task description. (Show Details)
Anomie added a project: MediaWiki-extensions-CentralAuth.
Anomie subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptJan 22 2016, 7:54 PM
gerritbot subscribed.Jan 22 2016, 7:55 PM

Change 265799 had a related patch set uploaded (by Anomie):
SessionManager: Kill getPersistedSessionId()

https://gerrit.wikimedia.org/r/265799

gerritbot added a project: Patch-For-Review.Jan 22 2016, 7:55 PM
Anomie mentioned this in T124453: Meta login fails.Jan 22 2016, 9:31 PM
gerritbot added a comment.Jan 22 2016, 9:34 PM

Change 265840 had a related patch set uploaded (by Anomie):
SessionManager: Kill getPersistedSessionId()

https://gerrit.wikimedia.org/r/265840

IKhitron subscribed.Jan 22 2016, 9:35 PM
gerritbot added a comment.Jan 22 2016, 9:40 PM

Change 265799 merged by jenkins-bot:
SessionManager: Kill getPersistedSessionId()

https://gerrit.wikimedia.org/r/265799

gerritbot added a comment.Jan 22 2016, 9:46 PM

Change 265840 merged by jenkins-bot:
SessionManager: Kill getPersistedSessionId()

https://gerrit.wikimedia.org/r/265840

Anomie closed this task as Resolved.Jan 22 2016, 9:51 PM

Fixed and backported. You will, of course, have to log in one more time to get the cookies set correctly.

ReleaseTaggerBot added projects: MW-1.27-release (WMF-deploy-2016-01-19_(1.27.0-wmf.11)), MW-1.27-release-notes, MW-1.27-release (WMF-deploy-2016-02-02_(1.27.0-wmf.12)).Jan 22 2016, 10:00 PM
Legoktm mentioned this in T124477: Mediawiki keeps logging me out/doesn't login globally.Jan 22 2016, 10:10 PM
MZMcBride subscribed.Jan 24 2016, 4:12 AM
Aklapper added a comment.Jan 24 2016, 6:13 PM

T124601: New accounts not autocreated on loginwiki sounds similar. Could someone check?

Aklapper mentioned this in T124601: New accounts not autocreated on loginwiki.Jan 24 2016, 6:13 PM
Anomie merged a task: T124601: New accounts not autocreated on loginwiki.Jan 24 2016, 8:33 PM
Anomie added subscribers: Legoktm, Bsadowski1, Jalexander, Trijnstel.
Aklapper merged a task: T124477: Mediawiki keeps logging me out/doesn't login globally.Jan 24 2016, 8:43 PM
Aklapper added a subscriber: Vituzzu.
Akoopal subscribed.Jan 24 2016, 10:08 PM
bd808 added a parent task: T123451: Deploy SessionManager and bot passwords.Jan 26 2016, 2:05 AM
MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Dec 15 2016, 4:17 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL