Page MenuHomePhabricator
Create Task
Maniphest T224382

Investigate why tools do not stay logged in for the duration of the session cookie
Open, HighPublic
Actions

Description

Reported at T224358 for Tool-global-search, but we see the same issue with XTools and our other projects that use Symfony and/or the mediawiki/oauthclient library.

The cookie is set to expire an entire year after login, but users get logged out within as little as half an hour, or sometimes just a matter of minutes.

For XTools specifically, it's worth noting we use MariaDB-based session storage (as the session needs to be shared between the app server and API server), but the symptoms nonetheless are the same as all other tools that use other session storage mechanisms.

I suspect our issue is something fundamental that we're missing with session management in PHP.

Related Objects

Event Timeline

MusikAnimal created this task.May 26 2019, 11:04 PM
MusikAnimal updated the task description. (Show Details)
MusikAnimal mentioned this in T224358: 20c of thoughts for globalsearch tool.May 26 2019, 11:14 PM
MusikAnimal moved this task from Backlog to General / other on the XTools board.Jun 10 2019, 5:32 AM
Krinkle subscribed.Mar 31 2020, 5:49 PM

I can confirm that when using it throughout the day to find and keep track of my progress fixing deprecated JS stuff on-wiki, that it feels like I can never get it to stay logged in for more than 30 minutes or an hour at a time.

Almost every time I revisit one of the tabs to renew or tune the search query, I have to go through the OAuth cycle again.

Billinghurst awarded a token.Apr 1 2020, 9:00 PM
MusikAnimal mentioned this in T135046: Allowlist Cloud VPS instances that need XFF header passed through the web proxy.Apr 14 2020, 5:44 PM
MusikAnimal mentioned this in rXT4f15e8279fd8: Persist login sessions for 1 week.Dec 13 2020, 10:52 PM
MusikAnimal mentioned this in rXTf35b95832857: Persist login sessions for 1 week.Dec 15 2020, 9:16 PM
CptViraj subscribed.Dec 20 2020, 6:30 AM
dmaza subscribed.Jan 20 2021, 12:13 AM
Samwilson subscribed.Jan 20 2021, 12:15 AM
Krinkle unsubscribed.Jan 20 2021, 3:15 AM
MusikAnimal triaged this task as High priority.Mar 4 2021, 5:38 AM
MusikAnimal mentioned this in T276885: Sessions are not shared between the main app server and the API server.Mar 9 2021, 8:14 PM
MusikAnimal added subscribers: Krinkle, Billinghurst.Mar 30 2021, 2:43 PM

@Krinkle @Billinghurst I think I may have fixed this for Global Search. I've been logged in now for 15+ hours, which is a new record for me. Can either of you confirm you're also seeing longer login sessions?

The same fix did not appear to work for XTools. Investigation is ongoing.

Billinghurst added a comment.Apr 3 2021, 11:13 AM

@MusikAnimal <dancing> logged in for a couple of days now

Krinkle added a comment.Apr 3 2021, 8:57 PM

Me too. Looks good so far!

MusikAnimal removed a project: Tool-global-search.Apr 6 2021, 12:53 AM
MusikAnimal removed subscribers: Billinghurst, Krinkle.

Great! I am going to untag Tool-global-search and remove you two as subscribers, assuming you probably don't want to bothered about noise with us debugging XTools.

@Samwilson FYI this is what I did, which will probably work for any other Toolforge-based Symfony app: https://github.com/MusikAnimal/global-search/commit/12086c28a70e92ec86bf5ab6416466ffbf7a6964. The issue I believe is Symfony by default falls back to php.ini, which on Toolforge has sessions live for a mere 24 minutes. The same trick didn't work for XTools.

MusikAnimal mentioned this in rXT3232d0414b32: config: force use of native session handler.Apr 26 2021, 3:53 AM
MusikAnimal moved this task from General / other to Maintenance / tech debt on the XTools board.Aug 12 2023, 3:17 AM
JJMC89 mentioned this in T362456: CopyPatrol login session length too short.Apr 12 2024, 10:32 PM
JWheeler-WMF added a project: Community-Tech.Apr 18 2024, 5:42 PM
JWheeler-WMF moved this task from New & TBD Tickets to On deck (June 25-July 5) on the Community-Tech board.
MusikAnimal added a project: CopyPatrol.Apr 28 2024, 4:23 AM
MusikAnimal moved this task from Backlog to Front end on the CopyPatrol board.
Diannaa subscribed.Apr 28 2024, 1:14 PM
L3X1 subscribed.May 14 2024, 4:59 PM
JWheeler-WMF moved this task from On deck (June 25-July 5) to Maintenance Backlog on the Community-Tech board.May 31 2024, 6:58 PM
MusikAnimal mentioned this in T367597: Login to X-Tools German Wikipedia.Jun 26 2024, 9:51 PM
MusikAnimal merged a task: T367597: Login to X-Tools German Wikipedia.
MusikAnimal added a subscriber: Melly42.
1234qwer1234qwer4 subscribed.Aug 19 2024, 4:57 PM
MusikAnimal mentioned this in rXTRMRB3232d0414b32: config: force use of native session handler.Mar 20 2025, 3:15 AM
Alien333 subscribed.Apr 14 2025, 12:58 PM
MusikAnimal mentioned this in T384711: XTools is down or very slow due to bot scraping.Apr 21 2025, 5:13 PM
Nemoralis subscribed.Apr 21 2025, 5:58 PM
MusikAnimal mentioned this in T381640: Can't keep logging in to XTools.Apr 23 2025, 6:08 PM
Novem_Linguae subscribed.Apr 24 2025, 9:21 PM
MusikAnimal mentioned this in T401360: Display low numbers of page watchers to admins in XTools and ArticleInfo gadget.Aug 7 2025, 8:41 PM
MusikAnimal mentioned this in T410464: Global search doesn't remember that I've logged in.Mar 27 2026, 11:59 PM
MusikAnimal merged a task: T410464: Global search doesn't remember that I've logged in.
MusikAnimal added a project: Tool-globalcontribution.
MusikAnimal added subscribers: jhsoby, Billinghurst, Jack_who_built_the_house and 2 others.
MusikAnimal merged a task: T418206: Asking to Login Repeatedly.Apr 7 2026, 6:51 PM
MusikAnimal added a subscriber: Chaduvari.
MusikAnimal added a project: patch-welcome.Apr 7 2026, 6:58 PM
MusikAnimal updated the task description. (Show Details)
Gnoeee edited projects, added: Tool-Global-user-contributions; removed: Tool-globalcontribution.May 2 2026, 4:00 PM
Gnoeee subscribed.

@MusikAnimal I changed the tag Tool-globalcontribution -> Tool-Global-user-contributions. I believe this was the one.

MusikAnimal edited projects, added: Tool-global-search; removed: Tool-Global-user-contributions.May 2 2026, 7:04 PM

Oops! It should have actually been Tool-global-search

A_smart_kitten subscribed.May 13 2026, 2:23 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits