Page MenuHomePhabricator
Create Task
Maniphest T355280

Try to connect to central session before temp user creation
Open, Stalled, Needs TriagePublic
Actions

Description

When a temp user visits a new wiki, they might get detached from they central session and appear logged out, due to the issues described in T345249: Mitigate phase-out of third-party cookies in CentralAuth. Clicking on the login link should still work - the workaround in T326281: Attempt top-level central autologin when visiting the login page (to allow autologin when the browser blocks third-party cookies) seems pretty robust so far. But if they start editing a page instead, that creates a temporary user first and does central login only after that, so they would end up as different temp users on different wikis. (I think. I haven't found an easy way to verify it. On beta cross-domain cookies always work, because of T345249#9464539 I think.)

If this is indeed the case, not sure how we could prevent it. For edits via the web form, we could just do a top-level autologin when the user opens the edit form. But for JS-based editors which open without reloading the page, that would be too disruptive. Automatically rename/merge the second temp user when the browser is doing the after-edit central login and the login wiki finds out that they are already logged in as a different users? That seems very complicated.

Related Objects
Search...

Event Timeline

Tgr created this task.Jan 18 2024, 3:59 AM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptJan 18 2024, 3:59 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr added a subtask: T355281: Set up some beta cluster wikis with different registrable domain.Jan 18 2024, 5:33 AM
Tchanders added subscribers: Tchanders, Batorsz, Urbanecm_WMF.Jan 18 2024, 8:19 AM
Tgr added a parent task: T326937: Prepare CentralAuth extension for IP Masking.Jan 19 2024, 12:36 AM
matmarex subscribed.Jan 22 2024, 4:25 PM
matmarex unsubscribed.
matmarex subscribed.Jan 22 2024, 4:28 PM
Tgr mentioned this in T355621: Gather metrics about the impact of third-party cookie blocking on login.Jan 29 2024, 9:51 AM
Tgr added a comment.Jan 30 2024, 10:48 PM

I can see two ways of handling this:

  • Try to ensure the user is logged in by the time of the edit, by doing a top-level redirect either when they open the editor or when they submit the edit. This is strightforward for the old editor, but not really possible for JS-based editors as far as I can see. (Maybe via a popup window?)
  • After the edit, when we do a central login redirect, special-case the situation where the user is already logged in centrally and do a user merge.

Or we can just ignore the problem and accept that some fraction of temp users will have multiple identities (a fairly large fraction, given the impending Chrome third-party cookie deprecation).

kostajh subscribed.Jan 31 2024, 6:55 AM
pmiazga moved this task from Inbox, needs triage to Needs refinement on the MediaWiki-Platform-Team board.Feb 5 2024, 4:12 PM
Bugreporter moved this task from Backlog to Central session, SSO (autologin) and centralauthtoken on the MediaWiki-extensions-CentralAuth board.Mar 5 2024, 11:36 AM
Tgr mentioned this in T362706: Permit displaying the login / signup page in a popup or iframe.May 22 2024, 1:34 PM
pmiazga closed subtask T355281: Set up some beta cluster wikis with different registrable domain as Resolved.Jun 10 2024, 6:09 PM
Tchanders moved this task from Inbox to Needs Other Teams on the Temporary accounts board.Jun 11 2024, 5:12 PM
Tgr mentioned this in T345249: Mitigate phase-out of third-party cookies in CentralAuth.Jul 9 2024, 5:37 PM
kostajh added a comment.Sep 8 2024, 7:58 AM

@Tgr is this something that your team intends to look at?

Tgr added a comment.Oct 18 2024, 11:46 AM

Had a chat with @kostajh about this and we realized that the impact will be very limited:

  • Because the CentralAuth session provider sets a parent-domain cookie when the temp account is autocreated with $login=true, all other wikis in the same family will recognize the temp user immediately.
  • The central login that happens after the user's first edit is pretty reliable today (it's a top-level redirect) and that sets cookies for the central session on login.wikimedia.org (with SUL3 it will be a different domain but otherwise the process will be unchanged). These are not set on the parent domain (for security reasons, as wikimedia.org is not a MediaWiki-only domain), but the paradigm browsers generally use for cookie access is same-site, not same-domain, so that means accessing the central cookies during autologin should work in most browsers when the top-level document is a wikimedia.org subdomain. In practice this means that the temp account will reliably transfer to Wikimedia Commons too (which is the most likely candidate for "temp user switches to a different project and edits there too" behavior).

So in practice there aren't many user workflows that are affected - maybe editing a Wikipedia page and then going over to Wikidata to edit something that's used in the infobox?

(This also means there is no way to test this behavior until temp users are rolled out to multiple top-level domains. Or at least not normally - you can manually delete some cookies I suppose.)

The conclusion was that this is probably fine to ignore - we might find that it's more problematic than we imagined and reassess, but there is no need to do anything unless that happens.

Tgr changed the task status from Open to Stalled.Oct 18 2024, 11:46 AM

Whenever the system finds during central login that the user is already centrally logged in, and both accounts are temporary ones, it creates a Logstash entry with the message Temp user conflict: {old} / {new}, so searching for that in Logstash will show how often it happens.

Tgr edited projects, added MediaWiki-Platform-Team (Radar); removed MediaWiki-Platform-Team.Oct 18 2024, 11:47 AM
Tgr edited projects, added MediaWiki-Platform-Team; removed MediaWiki-Platform-Team (Radar).
Tgr moved this task from Needs refinement to Not planned (Patches welcome!) on the MediaWiki-Platform-Team board.
Tgr mentioned this in T378449: Persist temp account sessions across top-level domains.Oct 29 2024, 9:59 AM
Tgr mentioned this in T377561: "Keep me logged in" flag unreliable on the central domain.Nov 11 2024, 9:24 AM
Tgr mentioned this in T383136: [SUL3] Make edge-login to work for temporary accounts (on wikifarm with same parent domain).Jan 7 2025, 10:38 PM
JTweed-WMF edited projects, added MediaWiki-Platform-Team (Roadmap); removed MediaWiki-Platform-Team.Jan 22 2025, 3:45 PM
JTweed-WMF moved this task from Now => Move to Inbox to Parking Lot on the MediaWiki-Platform-Team (Roadmap) board.
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptJan 22 2025, 3:45 PM
Dreamy_Jazz moved this task from Inbox to Tracking work by others on the Trust and Safety Product Team board.Aug 6 2025, 10:20 AM
Tgr mentioned this in T403930: Global account not working properly.Sep 8 2025, 12:55 PM
OKryva-WMF edited projects, added Product Safety and Integrity; removed Trust and Safety Product Team.Oct 24 2025, 3:15 PM
OKryva-WMF moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.Oct 24 2025, 3:20 PM
OWresch-WMF moved this task from Roadmap to Not planned / Patches welcome on the MediaWiki-Platform-Team board.Jan 20 2026, 11:18 AM
OWresch-WMF edited projects, added MediaWiki-Platform-Team; removed MediaWiki-Platform-Team (Roadmap).
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits