Page MenuHomePhabricator

Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout)
Open, Needs TriagePublic

Description

If you experience this, please post the name and version of your browser, whether you have used the desktop or mobile site, whether you have checked the "keep me logged in" option, a screenshot of https://samesite-sandbox.glitch.me/ and the name and the first 4-5 characters of the value for all the cookies with "session" or "token" in their name (but no more than that, the full string would give others access to your account!). (see how) Also, if you remember what exact navigation steps led you to that error screen, that would be helpful.

On login, some people get the sessionfailure message:

Like T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout), it seems to be related to the presence of old cookies somehow. Going incognito or clearing cookies helps.

Event Timeline

SRuizR created this task.Thu, Jul 16, 1:01 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, Jul 16, 1:01 AM
Tgr added a subscriber: Tgr.

Could you provide more details of what you are doing and what happens?

Also, could you share a screenshot of what you see here?

I'm in Special:UserLogin, I put my password and press Log In, but when I press Log In it doesn't respond and shows the message in MediaWiki:Sessionfailure. Here's the screenshot of the SameSite thing.

Tgr added a comment.Thu, Jul 16, 1:23 AM

What browser and OS are you using? Any special settings (third-party cookie blocking, some privacy extension)?

My OS is Windows 7 my browser is Google Chrome. I don't have any cookie blocking or privacy extension.

Tgr renamed this task from Wikipedia log in problem to Logging in on Wikipedia fails with 'sessionfailure' error.Thu, Jul 16, 1:35 AM
Tgr added a comment.Thu, Jul 16, 1:45 AM

You are using the desktop site, right? Can you do another login attempt and provide the exact time when you did it? Can you retry in incognito mode (with "Block third-party cookies" disabled)? If you have an alternative account, can you retry with that?

Yes, I'm with the desktop site. I tried with my alternative account SRuizR777 in incognito mode at 1:50 UTC. Surprisingly it worked. I tried with my main account SRuizR in incognito mode at 1:52 UTC and it also worked.

At 1:55 UTC I tried out of incognito and it didn't work.

Nevermind, I restarted my computer and now it's working. Kind regards.

SRuizR closed this task as Invalid.Thu, Jul 16, 2:43 AM
Tgr added a comment.Thu, Jul 16, 1:31 PM

Thanks! Please reopen if you see this again; we made some changes to the login system, in response of a change in browser behavior (which is rolled out this week and next) so we are very interested in reports of errors (although I'd mostly expect them to happen around cross-wiki login, not direct login).

Tgr reopened this task as Open.EditedThu, Jul 16, 4:59 PM

Reopening, happened to another person so clearly not a fluke. Seems to be related to the presence of old cookies. (Maybe the SameSite=None and the legacy cookie getting out of sync?) If you experience this, please post the name and version of your browser, a screenshot of https://samesite-sandbox.glitch.me/ and the first 4-5 characters of all the cookies with "session" or "token" in their name (but no more than that, the full string would give others access to your account!). Also, if you remember what exact navigation steps led you to that error screen, that would be helpful.

T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout) seems also related to the presence of old cookies somehow.

Tgr renamed this task from Logging in on Wikipedia fails with 'sessionfailure' error to Logging in to a wiki sometimes fails with 'sessionfailure' error.Thu, Jul 16, 5:08 PM
Tgr updated the task description. (Show Details)
Tgr updated the task description. (Show Details)Thu, Jul 16, 5:37 PM
This comment was removed by alanajjar.
alanajjar added a comment.EditedThu, Jul 16, 6:10 PM

name and version of your browser, whether you have used the desktop or mobile site

Desktop - Google chrome 83.0.4103.116

checked the "keep me logged in" option

No

a screenshot of https://samesite-sandbox.glitch.me/ and the name and the first 4-5 characters of the value for all the cookies with "session" or "token" in their name

Maybe it'll not help you now? as I faced it on 2:11 p.m. today. I can't log in through arwiki and enwiki, then I tried through metawiki, so I can log in through metawiki only, and when enter arwiki/enwiki the unified login not work, and I'd log in again through each project alone. So I asked through IRC, and directed me to T258148. I read on it I cleared the cookied for wikipedia.org and was able to login again, so I cleared cookies then restarted the browser. Then all back work fine!

Tgr renamed this task from Logging in to a wiki sometimes fails with 'sessionfailure' error to Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout).Fri, Jul 17, 10:39 AM