Page MenuHomePhabricator

Not centrally logged in after account creation on mediawiki.org
Open, Needs TriagePublic

Description

Steps to reproduce:

  • start a clean browser session (tested with Chrome 67.0.3396.99 / Ubuntu 16.04 in incognito mode)
  • visit mediawiki.org
  • create a new account
  • visit wikidata.org

Expected result: you are logged in
Actual result: you are logged in on mediawiki.org but not on wikidata.org. The autologin request (Special:CentralAutoLogin/checkLoggedIn) returns Not centrally logged in.

Originally reported at https://discourse-mediawiki.wmflabs.org/t/creating-new-account-does-not-sign-in-to-other-wiki-websites/666

Event Timeline

Tgr created this task.Jul 6 2018, 8:22 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 6 2018, 8:22 AM

is this reproducible or was this a one-off?

Replying on behalf of djow2019 (who originally created the discussion on discourse-mediawiki), yes the issue is reproducible.

Aklapper changed the task status from Open to Stalled.Jul 17 2018, 10:27 AM

(It might be easier for djow2019 to create an account on Phab to avoid proxying messages.)

Quoting T169261#3452695:

Authentication bugs are notorious for having similar symptoms with different causes, since the symptom is usually "I can't log in" or "I get logged out unexpectedly" and there are many things that can cause that, including actual MediaWiki bugs, browser bugs, mysteriously-corrupted cookies that never get enough information to be investigated, and user error such as blocking first- and/or third-party cookies from our sites. Which is why we usually wind up asking people with authentication problems to try several things:

Please see and follow https://www.mediawiki.org/wiki/Manual:How_to_debug/Login_problems and report back here. Thanks!

while djow2019 is waiting for his account to be approved, he asked me to proxy one more reply

Cleared cache, used Firefox Quantum 61.0.1 (64-bit)

  1. Create account from media wiki

Console:

Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
JQMIGRATE: Migrate is installed with logging active, version 3.0.1 load.php:139:615
This page is using the deprecated ResourceLoader module "mediawiki.ui".
Please use OOUI instead. index.php:167:45
This page is using the deprecated ResourceLoader module "mediawiki.api.options".
Use "mediawiki.api" instead. load.php:274:706
This page is using the deprecated ResourceLoader module "mediawiki.api.parse".
Use "mediawiki.api" instead. load.php:34:89
JQMIGRATE: jQuery.fx.interval is deprecated load.php:140:200
Loading failed for the <script> with source “https://www.mediawiki.org/w/load.php?debug=false&lang=en&modules=schema.InputDeviceDynamics&skin=vector&version=0v9s7g2”. index.php:1
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
JQMIGRATE: Migrate is installed with logging active, version 3.0.1 load.php:139:615
This page is using the deprecated ResourceLoader module "mediawiki.api.options".
Use "mediawiki.api" instead.
  1. Visit wikidata.org
  2. Not centrally logged in

I've created over 5 accounts testing this, happens every time. Does it happen for you?

I can try, but I am not an expert at reading the cache. So I'll walk you through it again using different settings.

  1. Start clean session with Microsoft Edge 42.17134.1.0
  2. Create account at MediaWiki
  3. Visit Wikipedia.org (not wikidata)
  4. Notice that you see the "log in" in the upper right, implying that you are not logged in
  5. Visit MediaWiki. Notice that your account is shown in the upper right corner, implying that you are logged in

From the debugging page:

  1. Does it persist after clearing cookies for the wiki domain? When logging in in incognito mode? When logging in with a different kind of browser?
    • Bug occurs after clearing the cache and in incognito mode. It occurs in account creation from MediaWiki, it is not persistent after you sign out/sign back in on any wiki site.
  2. Does it affect all user accounts, or just one?
    • Every time you create an account
  3. Does the "remember me" flag make any difference? (Clear cookies before attempts.)
    • Not an option
  4. If the problems are happening on a WikiMedia wiki, try logging in on another wiki, preferably one that does not share a second-level domain name (so if the problem happens on xy.wikipedia.org, try for example xy.wiktionary.org).
    • Only when you create an account on MediaWiki
  5. If the problems are happening on your own wiki, what MediaWiki version do you use? (Session and login handling has been fully rewritten in 1.27.) Pre-1.27, check the value of $wgSessionsInObjectCache; if it is false, test that your PHP session handling is working (e.g. that session.save_path is writable). If it is true, see what session providers (SessionProvider subclasses) you are using.
  6. If the problems are happening on your own wiki, check what session backend is being used ($wgSessionCacheType), and make sure it works (data is actually persisted between requests).
    • Once again, only directly on MediaWiki

At this point, I've also been able to confirm it happens in Chrome, Firefox, and Microsoft Edge.

Let me know if there is anything else I can do, and I strongly suggest you try it yourself. It doesn't take too long to create one, and I'm worried I'll reach the daily cap on new accounts again.

Aklapper changed the task status from Stalled to Open.Jul 19 2018, 4:48 AM