Page MenuHomePhabricator
Create Task
Maniphest T292812

Every UserLogin visit generates "Persisting session for unknown reason" entry in Logstash
Open, Needs TriagePublic
Actions

Description

The log volume isn't too bad, but it doesn't seem particularly useful. And, perhaps more importantly, it seems worrying that possibly one of the most common ways to start a session (visiting the login page) is precieved by the code as an "unknown reason", which suggets there may be a bug in the code of unknown severity.

https://logstash.wikimedia.org/goto/029a81c3dbd7410c10a3ea3aad87da8d

Source code: https://gerrit.wikimedia.org/g/mediawiki/core/+/35098e1763c7e8917415ff55bc5a3e3c4815b128/includes/session/SessionBackend.php#829

Reproducible by visiting https://meta.wikimedia.org/wiki/Special:UserLogin in private browsing, including with any other wiki hostname.

Related Objects

Event Timeline

Krinkle created this task.Oct 8 2021, 2:50 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 8 2021, 2:50 AM
Krinkle updated the task description. (Show Details)Oct 8 2021, 2:50 AM
Zabe subscribed.Oct 8 2021, 5:20 AM
Tgr added a comment.Oct 9 2021, 2:06 AM

"Unknown" just means the logging logic couldn't tell the reason. There are plenty of legitimate way for that to happen (e.g. Session::save() being called directly).

In any case, the logging code was added for T264370: User authentication security issue (Oct 1, 2020), which has probably been fixed. If you feel it's problematic, I think it's fine to remove.

RhinosF1 subscribed.Oct 9 2021, 8:00 AM
TheresNoTime removed a subscriber: RhinosF1.Dec 15 2022, 11:35 PM
Tgr mentioned this in T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.Oct 9 2023, 4:00 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL