Page MenuHomePhabricator

m.wikidata: login status not detected
Open, Needs TriagePublic


Expected behavior
GIVEN I am successfully logged in on the desktop site, e.g.
WHEN I open the mobile site, e.g.
THEN I am logged as the same user

Actual behavior
GIVEN I am successfully logged in on the desktop site, e.g.
WHEN I open the mobile site, e.g.
THEN my logged in status is not detected and I can not make use of it

Technical insights
When opening the mobile login page, e.g., the requests that try to facilitate the login can be inspected.
Apparently requests get sent against but are answered in a wrong way for the wikidata domain - the Location header instructs our browser to connect to "" which is incorrect (stray "www.").

Applies to both production and beta.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2019, 12:55 PM

Seems to also happen for
Does not happen on

Network connection stack trace:

I believe (but I do not claim to be right on this one) the issue happens inside

Not very extensive testing around MobileContext::getMobileUrl has not identify issues over there. Current working hypothesis of mine is that it is WikiMap::getForeignURL what adds the superfluous www. to the URL.

Would be great to get word from the MediaWiki-extensions-CentralAuth people if they have a suspicion where this problem originates from.

WMDE-leszek triaged this task as High priority.Jun 17 2019, 2:25 PM

Pinging maintainers according to @hoo, @vvv, @csteipp, @Legoktm: any idea why and might behave special (and arguably incorrect)?

WMDE-leszek lowered the priority of this task from High to Normal.Jun 17 2019, 3:44 PM
Lea_WMDE moved this task from Backlog to Other on the Wikidata-Termbox board.
Pablo-WMDE updated the task description. (Show Details)Jun 18 2019, 8:26 AM

It is a bit concerning to see this has not been triaged by the maintainers after more than 3 weeks.

WMDE-leszek raised the priority of this task from Normal to Needs Triage.Jul 22 2019, 1:04 PM
WMDE-leszek added a subscriber: Reedy.

Trying the ping again: @hoo, @vvv, @csteipp, @Legoktm: any idea why and might behave in "special" way (and arguably incorrect)?
Also, I dare to ping @Reedy as the second most active code contributor according to github, maybe he has an idea what the issue here, or know who would be able to say something about.

Also, I reverted the priority triage of this task, as it is not our code/bug.

Addshore added a subscriber: Addshore.

Also going to tag MediaWiki-Authentication-and-authorization as it could be related and likely to catch some more eyes.

My hunch would be that this has to do with the CA cookie domain for things like wikipedia being set to "" but the domain for wikidata gets set to "".

Which would mean this related to wgCentralAuthLoginWiki which is documented on and also our default settings for that var which can be found in InitialiseSettings.php

		'' => 'enwiki',
		'' => 'metawiki',
		'' => 'enwiktionary',
		'' => 'enwikibooks',
		'' => 'enwikiquote',
		'' => 'enwikisource',
		'' => 'commonswiki',
		'' => 'enwikinews',
		'' => 'enwikiversity',
		'' => 'mediawikiwiki',
		'' => 'wikidatawiki',
		'' => 'specieswiki',
		'' => 'incubatorwiki',
		'' => 'enwikivoyage',

Needs a bit more investigation thoguh