
Stay logged in doesn’t work, global login doesn’t work on different projects
Open, Needs Triage · Public · BUG REPORT

Description

Neither “stay logged in” nor global login on different projects works.
A few other people and I can’t stay logged in (so we always have to enter our credentials) and I can’t get global login working on different projects.
So, I have global login on any linguistic version of the project where I logged in, but if I go to a different Wikimedia project I’m not logged in anymore.
All since a couple of days ago.

step descriptions

Log out. Log in on it.Wikipedia, open it.Wikinews. No global login on it.wikinews, while I expect to have my account logged in on it.wikinews via CentralAuth. Open en.wikipedia: you have your account logged in!

Close the browser and let the session expire (wait for some time): the preference “stay logged in” doesn’t work and you have to write your credentials again.

Page: Special:Login

Browser: Safari on iOS and iPadOS 13.5

Event Timeline

Restricted Application added a subscriber: Aklapper. · Jun 27 2020, 8:20 AM
Wiki13 added a subscriber: Wiki13. · Jun 27 2020, 8:37 AM

Part of this issue sounds like T252236, where I describe that newer browser versions severely break CentralAuth, resulting in no global login...

Aklapper changed the task status from Open to Stalled. · Jun 27 2020, 9:06 AM

Hi @Ferdi2005, thanks for taking the time to report this! Unfortunately this Wikimedia Phabricator task lacks some information.
If you have time and can still reproduce the situation: Please add a more complete description to this task. That should be

  • a clear list of exact steps to reproduce the situation, step by step, so that nobody needs to guess or interpret how you performed each step,
  • what happens after performing these steps to reproduce,
  • what you expected to happen instead,
  • a full link to a web address where the issue can be seen,
  • the web browser(s) and web browser version(s) that you tested.

You can edit the task description by clicking Edit Task. Ideally, a good description should allow any other person to follow these steps (without having to interpret steps) and see the same results. Problems that others can reproduce can get fixed faster. Thanks again!

Ferdi2005 updated the task description. · Edited · Jun 27 2020, 10:48 AM

Done... (the one non-deducible thing is the version, and I’m sorry because I didn’t include that in the first place). @Aklapper

Ferdi2005 updated the task description. · Jun 27 2020, 10:53 AM
Wim_b added a subscriber: Wim_b. · Jul 10 2020, 11:00 AM

Same situation. My global login is not working on different projects. I must always log in on 10 projects for a real "global login", and with A2F enabled it is more difficult.

Browser: Safari on iOS and Mac OSX, updated

Wim_b added a comment. · Jul 11 2020, 5:13 PM

@Aklapper every time I must log in to:

  1. Meta, and automatically I was logged in Commons, Wikidata and Wikispecies
  2. A random Wiktionary, and automatically I was logged in all Wiktionaries
  3. A random Wikipedia, and automatically I was logged in all Wikipedias
  4. A random Wikinews, and automatically I was logged in all Wikinewses
  5. And repeat for all projects case
  • I flag "remember me" every time
  • In "incognito mode" on Mac OSX & Safari I must log in only one time and the system automatically logs me in to every project.

Tgr added a subscriber: Tgr. · Jul 13 2020, 8:06 PM

Probably the same issue as T257852: CentralAuth edge login and autologin for some Wikimedia domains broken on mobile, plus Safari preventing JS-based autologin (I think that has been the case for a while).

Close the browser and let the session expire (wait for some time): the preference “stay logged in” doesn’t work and you have to write your credentials again.

On the same wiki where you logged in? That would be unexpected (browsers interfering with cross-project login sadly isn't).

Tgr added a comment. · Jul 16 2020, 5:11 PM

@Ferdi2005 @Wim_b can you post a screenshot of what you see at https://samesite-sandbox.glitch.me/ ?

Ferdi2005 added a comment. · Edited · Jul 16 2020, 5:14 PM

Mmh, @Tgr, Safari can’t open the page because it doesn’t find the server.

On the same wiki where you logged in? That would be unexpected (browsers interfering with cross-project login sadly isn't).

@Tgr I think it’s because the forced exit because of security problems you folks at WMF did two times, I’ll check if it happens without any alert about security exit.

Tgr added a comment. · Jul 16 2020, 5:41 PM

@Ferdi2005 I doubt it, but if you are willing to test it I can invalidate your session one more time. Also I have collected in T258121: Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout) what information would be useful, in case you can remember it (or reproduce the issue).

This issue seems similar to T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout) except the part about "keep me logged in" not working (which is more surprising; cross-wiki login has always been brittle but the local login should be pretty straightforward).

Wim_b added a comment. · Edited · Jul 17 2020, 10:52 AM

@Tgr

and this in incognito mode:

But in incognito mode I must log in only one time and the system automatically logs me in to every project.

Tgr added a comment. · Jul 17 2020, 1:12 PM

Thanks. So this is not caused by Chrome's new SameSite enforcement (if you were affected by that, the middle column would be greener).

I can’t open your samesite website.. @Tgr

@Ferdi2005: Please be more specific. If there are errors then please always post error messages, and explain *why* you cannot open it. Thanks! :)

I’ve already written that... I copy from the upper message: “Safari can’t open the page because it doesn’t find the server.”

Ah, I'm sorry!

Draceane added a subscriber: Draceane.
Aklapper changed the task status from Stalled to Open. · Thu, Nov 5, 11:52 AM

Is this still a problem?

Yeah, this is still a problem, but now I can open @Tgr's samesite test, so here it is.

I'm logged in on Wikipedia, for instance, but if I go to Wikiquote I'm not logged in.