Page MenuHomePhabricator
Create Task
Maniphest T158365

Session "{session}": Metadata merge failed: {exception}
Open, MediumPublic
Actions

Description

Session "{session}" Metadata merge failed: exception 'MediaWiki\Session\MetadataMergeException in /srv/mediawiki/php-1.29.0-wmf.12/includes/session/SessionProvider.php:205
Stack trace:
#0 /srv/mediawiki/php-1.29.0-wmf.12/includes/session/SessionManager.php(637): MediaWiki\Session\SessionProvider->mergeMetadata()
#1 /srv/mediawiki/php-1.29.0-wmf.12/includes/session/SessionManager.php(506): MediaWiki\Session\SessionManager->loadSessionInfoFromStore()
#2 /srv/mediawiki/php-1.29.0-wmf.12/includes/session/SessionManager.php(190): MediaWiki\Session\SessionManager->getSessionInfoForRequest()
#3 /srv/mediawiki/php-1.29.0-wmf.12/includes/WebRequest.php(735): MediaWiki\Session\SessionManager->getSessionForRequest()
#4 /srv/mediawiki/php-1.29.0-wmf.12/includes/session/SessionManager.php(129): WebRequest->getSession()
#5 /srv/mediawiki/php-1.29.0-wmf.12/includes/Setup.php(757): MediaWiki\Session\SessionManager::getGlobalSession()
#6 /srv/mediawiki/php-1.29.0-wmf.12/includes/WebStart.php(136): include()
#7 /srv/mediawiki/php-1.29.0-wmf.12/index.php(40): include()
#8 /srv/mediawiki/w/index.php(3): include()
#9 {main}

https://logstash.wikimedia.org/goto/e13abb4a6f31afe6b0671c1480bc6190

Related Objects
Search...

Event Timeline

thcipriani created this task.Feb 16 2017, 11:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 16 2017, 11:41 PM
Tgr added subscribers: Anomie, Tgr.Feb 17 2017, 12:45 AM

I think this is happening because CentralAuth sets the session source to local for anons? So you get a CA -> Local merge conflict if the session has expired, and maybe a Local -> CA one on login? (They seem to be happening with a comparable frequency.)

Maybe there could be a separate source for anons, which can be merged quietly with anything?

Anomie added a comment.Feb 17 2017, 4:14 PM

It looks like we have two cases here:

  1. User is not logged in, but has a session with CentralAuthSource = Local. They log in on a different wiki. Then the next page load, CA sees the CA cookies and returns a SessionInfo with CentralAuthSource = CentralAuth. Merge fails with this exception.
  2. User is logged in, and has a session with CentralAuthSource = CentralAuth. They somehow get logged out centrally. Then the next page load, CA sees no or invalid CA cookies and returns a SessionInfo with CentralAuthSource = Local. Merge fails with this exception.

I think in both cases I think it would be safe to implement CentralAuthSessionProvider::mergeMetadata() to always return the old CentralAuthSource value, and also adjust CentralAuthSessionProvider::refreshSessionInfo() to use 'Local' instead of skipping the check entirely when $info->getUserInfo()->getName() === null and reduce its own log message level. Or we could have it "merge" the new value to a different key and have CentralAuthSessionProvider::refreshSessionInfo() reject if that different key is set.

Or we could just reduce the log level of the exception in the first place. That'd certainly be safe.

Tgr added a comment.Feb 21 2017, 4:14 AM
In T158365#3036725, @Anomie wrote:

Or we could just reduce the log level of the exception in the first place. That'd certainly be safe.

Maybe add a severity parameter to ˙MetadataMergeException`? For CentralAuth it seems uninteresting, but maybe for some other provider it only happens when something is being tampered with?

demon moved this task from Untriaged to Dec2019/1.35.wmf.10+ on the Wikimedia-production-error board.Mar 1 2017, 11:52 PM
Krinkle added projects: MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager.Dec 2 2017, 1:26 AM
Anomie mentioned this in T181869: Error "Session {session}: Metadata has an anonymous user, but a non-anon user was provided".Dec 4 2017, 4:08 PM
Krinkle subscribed.Jul 5 2018, 11:50 PM

A year later, this is still a fairly common warning in production (~17,000 hits in the past 7 days).

Krinkle added projects: Product-Infrastructure-Team-Backlog-Deprecated, MediaWiki-Platform-Team-Archived.Jul 5 2018, 11:52 PM
Krinkle removed a project: Product-Infrastructure-Team-Backlog-Deprecated.
CCicalese_WMF moved this task from Inbox to Backlog on the MediaWiki-Platform-Team-Archived board.Jul 10 2018, 1:34 AM
CCicalese_WMF edited projects, added Core-Platform-Team-Old; removed MediaWiki-Platform-Team-Archived.Jul 12 2018, 12:48 AM
CCicalese_WMF moved this task from Inbox to Backlog on the Core-Platform-Team-Old board.Jul 12 2018, 12:57 AM
Krinkle moved this task from Dec2019/1.35.wmf.10+ to Older on the Wikimedia-production-error board.Sep 5 2018, 2:39 AM
Krinkle moved this task from Older to Apr 2019 / 1.33.wmf.25+ on the Wikimedia-production-error board.Sep 16 2018, 10:17 PM
Krinkle mentioned this in T204459: Session "{session}": CentralAuth saved source {saved} != expected source {expected}.Sep 16 2018, 10:23 PM
Krinkle mentioned this in T204787: Session Warning: "User ID mismatch, {uid_a} !== {uid_b}".Sep 18 2018, 11:52 PM
Krinkle moved this task from Apr 2019 / 1.33.wmf.25+ to Older on the Wikimedia-production-error board.Sep 19 2018, 1:06 AM
CCicalese_WMF added a project: Platform Team Legacy (Later).Oct 1 2018, 11:34 PM
CCicalese_WMF edited projects, added Core Platform Team Goals (MCR: Uncategorized); removed Core-Platform-Team-Old.Oct 2 2018, 12:30 AM
CCicalese_WMF edited projects, added Platform Engineering; removed Core Platform Team Goals (MCR: Uncategorized).Oct 2 2018, 2:32 AM
CCicalese_WMF moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.Oct 2 2018, 2:41 AM
CCicalese_WMF moved this task from Triage Meeting Inbox to Needs Cleaning - Security, stability, performance, and scalability (TEC1) on the Platform Engineering board.Oct 3 2018, 3:55 PM
CCicalese_WMF edited projects, added Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)); removed Platform Engineering.
WDoranWMF moved this task from Later to Mop Column on the Platform Team Legacy board.Jul 5 2019, 3:45 PM
WDoranWMF removed a project: Platform Team Legacy (Later).
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:10 PM
WDoranWMF triaged this task as Medium priority.Sep 3 2019, 6:50 PM
WDoranWMF edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)).
daniel moved this task from Inbox to Backlog on the Platform Team Workboards (Clinic Duty Team) board.Oct 8 2019, 9:57 AM
daniel moved this task from Backlog to Later on the Platform Team Workboards (Clinic Duty Team) board.Apr 14 2020, 9:00 PM
AMooney edited projects, added Platform Engineering (Icebox); removed Platform Team Workboards (Clinic Duty Team), MediaWiki-Core-AuthManager, MediaWiki-extensions-CentralAuth, Wikimedia-production-error.Aug 12 2020, 5:19 PM
Aklapper added projects: MediaWiki-Core-AuthManager, MediaWiki-extensions-CentralAuth, Wikimedia-production-error.Aug 12 2020, 6:08 PM
Aklapper added a subscriber: AMooney.

@AMooney: Assuming that "Set projects" was accidentally used instead of "Add projects", hence restoring some previous project tags.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM
Krinkle mentioned this in T277834: Two-level session storage and the consistency problem with serialized blob stores.EditedMay 12 2021, 7:17 PM
Krinkle updated the task description. (Show Details)

Recent examples:
https://logstash.wikimedia.org/goto/e13abb4a6f31afe6b0671c1480bc6190

Tgr added a project: Documentation.Oct 6 2023, 10:37 PM

This is not necessarily an error, but really needs better documentation.

Tgr mentioned this in T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.Oct 9 2023, 4:00 AM
Bugreporter moved this task from Backlog to Central session, SSO (autologin) and centralauthtoken on the MediaWiki-extensions-CentralAuth board.Mar 5 2024, 11:45 AM
Krinkle edited projects, added MediaWiki-Platform-Team; removed Documentation, Wikimedia-production-error, Platform Engineering (Icebox).Mar 6 2024, 10:00 PM

Untagging from production error, since this is a diagnostic warning in the session channel. It is not a runtime error or otherwise an uncaught exception in the error channel.

Krinkle changed the subtype of this task from "Production Error" to "Task".Mar 6 2024, 10:01 PM
Tgr added a parent task: T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.Mar 10 2024, 5:46 PM
pmiazga moved this task from Inbox, needs triage to Within 2 Qs on the MediaWiki-Platform-Team board.Mar 11 2024, 4:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits