Page MenuHomePhabricator
Create Task
Maniphest T125114

Accounts with user_token not set can't login to wmf.11 ("cookies not set" error)
Closed, ResolvedPublic
Actions

Related Objects
Search...

Event Timeline

Jdforrester-WMF created this task.Jan 28 2016, 5:55 PM
Jdforrester-WMF assigned this task to Anomie.
Jdforrester-WMF raised the priority of this task from to Needs Triage.
Jdforrester-WMF updated the task description. (Show Details)
Jdforrester-WMF added a project: Security.
Jdforrester-WMF changed the visibility from "Public (No Login Required)" to "Custom Policy".
Jdforrester-WMF changed the edit policy from "All Users" to "Custom Policy".
Jdforrester-WMF changed Security from None to Software security bug.
Jdforrester-WMF added subscribers: Jdforrester-WMF, csteipp.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 28 2016, 5:55 PM
Jdforrester-WMF added a comment.EditedJan 28 2016, 5:56 PM

Full screenshot (redacted)

Anomie added a comment.Jan 28 2016, 7:07 PM

Should be fixed by https://gerrit.wikimedia.org/r/#/c/267066/.

What's happening here isn't actually cookies. James's account on cawiki somehow has no user_token set, so the token check done by SessionManager was failing because User::getToken() will happily generate a new token every call until that happens to be fixed. The pre-SessionManager code omitted the token check when user_token was unset.

ori removed a subscriber: bd808.Jan 28 2016, 7:41 PM
Jdforrester-WMF renamed this task from Can't login to cawiki (cookies not set error) to Accounts with user_token not set can't login to wmf.12 ("cookies not set" error).Jan 28 2016, 8:22 PM
Jdforrester-WMF triaged this task as Unbreak Now! priority.
Jdforrester-WMF added a project: MediaWiki-User-login-and-signup.
greg added a subscriber: greg.Jan 28 2016, 8:27 PM

There is no wmf.12 yet :)

greg renamed this task from Accounts with user_token not set can't login to wmf.12 ("cookies not set" error) to Accounts with user_token not set can't login to wmf.11 ("cookies not set" error).Jan 28 2016, 8:28 PM
Jdforrester-WMF added a comment.Jan 28 2016, 8:38 PM

Ah, yes, reality lags behind me. ;-)

dduvall added a comment.EditedJan 28 2016, 9:05 PM

The fix has been backported to wmf.11 and synced.

Jdforrester-WMF closed this task as Resolved.Jan 28 2016, 10:23 PM

Yup, works fine for me now.

Jdforrester-WMF changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 28 2016, 10:23 PM
Jdforrester-WMF changed the edit policy from "Custom Policy" to "All Users".
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptJan 28 2016, 10:23 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a subscriber: Luke081515. · View Herald Transcript
Jdforrester-WMF removed a project: Security.Jan 28 2016, 10:24 PM
Jdforrester-WMF changed the visibility from "Custom Policy" to "Public (No Login Required)".
Jdforrester-WMF changed the edit policy from "Custom Policy" to "All Users".
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptJan 28 2016, 10:24 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a project: Security. · View Herald Transcript
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 28 2016, 10:26 PM
Reedy changed the edit policy from "Custom Policy" to "All Users".
Reedy changed Security from Software security bug to None.
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL