
Logging in does not actually log me in when I switch accounts on enwiki
Closed, Invalid (Public)

Description

When I switch accounts on the English Wikipedia, User:Keegan to User:Keegan (WMF) or vice versa, I get login errors when attempting to edit.

  1. Log in as Keegan
  2. Log out
  3. Log in as Keegan (WMF)
  4. Edit a page, either source or VisualEditor
  5. Get warning about not being logged in
  6. Hit save, get warning about not being logged in
  7. Save edit, recorded as not logged in

Often when switching accounts my global/custom .js and .css do not load; refreshing to load them does log me in.

Event Timeline

This does not reproduce on meta or mediawiki.org.

Refreshing is confirmed to log me in when editing or performing an action.

Can't reproduce with those steps and my personal/staff account.

@Keegan, I'm assuming this happened on March 11, and not a couple weeks ago when we were having some Session Manager issues, right?

This does look like a session issue, although I'm not seeing a security impact. If you don't mind that your screenshots are made public, are you ok with me making this a public bug so we get the benefit of more eyes on it?

I can't reproduce on enwiki either. You might clear all your cookies for wikipedia.org and all subdomains, in case you somehow have a bad cookie stuck.

If you can use something like Live HTTP Headers for Firefox or something similar for whatever browser you use to capture all the headers during steps 1-5, that would be helpful.

@csteipp I'm fine with it being public.
@Anomie I cleared all my cookies for wiki[?]edia, and removed the script that I was importing that may have caused cookie corruption between accounts. I'm no longer able to reproduce either, for now.

Phew.

csteipp removed a project: acl*security.
csteipp changed the visibility from "Custom Policy" to "Public (No Login Required)".
csteipp changed Security from Software security bug to None.

Closing for now. If it happens again, feel free to reopen. As Brad said, if there's a way to capture the HTTP headers, that would definitely help in tracking down what happened.