Page MenuHomePhabricator
Create Task
Maniphest T325056

Can't log in or out or save edits - Invalid CSRF token
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

  • Open a fresh browser window
  • Attempt to log in to Wikipedia

Also, attempt to log out of a logged-in account.

What happens?:
Login

Screenshot 2022-12-13 at 12.18.29.png (596×642 px, 69 KB)

Logout

Screenshot 2022-12-13 at 12.19.06.png (126×576 px, 12 KB)

What should have happened instead?:
I should be able to log in or out.

Details

SubjectRepoBranchLines +/-
sessionstore: Don't pin sessionstore to specific rowsoperations/deployment-chartsmaster+0 -14
Customize query in gerrit

Related Objects

Event Timeline

Samwalton9-WMF created this task.Dec 13 2022, 12:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 13 2022, 12:18 PM
Samwalton9-WMF updated the task description. (Show Details)Dec 13 2022, 12:19 PM
Fehufanga subscribed.Dec 13 2022, 12:19 PM
Samwalton9-WMF triaged this task as Unbreak Now! priority.Dec 13 2022, 12:19 PM

Seems like an UBN-level issue.

Samwalton9-WMF added projects: MediaWiki-User-login-and-signup, MediaWiki-Core-AuthManager.Dec 13 2022, 12:21 PM
KartikMistry subscribed.Dec 13 2022, 12:22 PM

Also, users seem not able to save any edits:

"We could not save your edit because the session was no longer valid. You are no longer logged in. Please log back in from a different tab and try again."

Marostegui subscribed.Dec 13 2022, 12:23 PM

There's an incident going on - SRE is on it

Fnielsen subscribed.Dec 13 2022, 12:24 PM

This seems to be a general problem: https://www.wikimediastatus.net/#day The number of "Successful edits" have dropped.

Samwalton9-WMF renamed this task from Can't log in or out - Invalid CSRF token to Can't log in or out or save edits - Invalid CSRF token.Dec 13 2022, 12:25 PM
cmooney subscribed.Dec 13 2022, 12:25 PM

Thanks for the report, we are investigating an issue with our sessionstore service. We've seen sign of recovery in recent minutes, are you still having difficulties?

Samwalton9-WMF added a comment.Dec 13 2022, 12:26 PM

I just logged out and back in successfully.

IKhitron subscribed.Dec 13 2022, 12:27 PM
Fnielsen added a comment.Dec 13 2022, 12:27 PM

I see a recovery now for mediawiki, wikidata and da.wikipedia.

SCP-2000 subscribed.Dec 13 2022, 12:28 PM
Marostegui added a comment.Dec 13 2022, 12:29 PM

The incident should be resolved by now

lettherebedarklight subscribed.Dec 13 2022, 12:29 PM
Samwalton9-WMF closed this task as Resolved.Dec 13 2022, 12:29 PM
Samwalton9-WMF claimed this task.

Seeing logged-in edits again and confirmation from a substantial number of users that issues are resolved.

Sidishandsome subscribed.Dec 13 2022, 12:30 PM
cmooney added a comment.Dec 13 2022, 12:31 PM

Thanks for confirming :)

jcrespo merged a task: T325057: Got logged out and can't log in: There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking.Dec 13 2022, 12:41 PM
jcrespo added subscribers: Prototyperspective, jcrespo.
kostajh subscribed.EditedDec 13 2022, 12:43 PM

Link to incident notes: https://www.wikimediastatus.net/incidents/hsfcwd3j1z4t

gerritbot added a comment.Dec 13 2022, 12:44 PM

Change 867572 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] sessionstore: Don't pin sessionstore to specific rows

https://gerrit.wikimedia.org/r/867572

gerritbot added a project: Patch-For-Review.Dec 13 2022, 12:44 PM
gerritbot added a comment.Dec 13 2022, 1:24 PM

Change 867572 merged by jenkins-bot:

[operations/deployment-charts@master] sessionstore: Don't pin sessionstore to specific rows

https://gerrit.wikimedia.org/r/867572

Maintenance_bot removed a project: Patch-For-Review.Dec 13 2022, 1:30 PM
JMeybohm mentioned this in T325139: Relax nodeAffinity of sessionstore.Dec 14 2022, 9:59 AM
JMeybohm mentioned this in T270191: Add kubernetes 1.17+ topology annotations.Dec 14 2022, 3:04 PM
JJMC89 added a project: Wikimedia-Incident.Dec 21 2022, 1:10 AM
JJMC89 mentioned this in T325692: API errors in relation to UTRS.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits