Logging into a different account does not work on Wikimedia wikis
Closed, Invalid · Public

Description

Steps to reproduce:

  1. visit https://en.wikipedia.org/, log in (leave "keep me logged in" unchecked)
  2. visit https://login.wikimedia.org/, verify you are logged in centrally
  3. visit https://en.wikipedia.org/wiki/Special:Userlogin and log in as a different user
  4. visit https://login.wikimedia.org/ again to check your central session

Actual results: initially, the re-login on enwiki in step 3 will work, but in step 4 I'm logged out on loginwiki, and after that I'm logged out on enwiki as well.

Tested in Chrome 124 in incognito mode (with default settings, i.e. no third-party cookie blocking).

Not sure if something changed on our side or in the browser support, but IIRC this used to work.

With "keep me logged in" checked, the local login will remain functional (which makes sense since it isn't dependent on having a valid session anymore) but the central one won't.

Event Timeline

What third-party cookie testing etc. flags might you have enabled or disabled? Anything possibly interfering from there? I took a fresh install of Chrome, did the steps described, and at step 4 I was still logged in on loginwiki as the second user. Returning to en.wp after that, I was still logged in there as well. Chrome version 124, Linux, not logged into Google or my WMF account when using the browser. I was in an incognito window, and the Privacy and Security settings say "Third-party cookies are blocked in Incognito mode".

I'm using standard flags. Not blocking third-party cookies in incognito mode. So maybe it's caused by edge login somehow?
I can also reproduce it locally.

I can't reproduce this, and SUL3 introduced major changes in these workflows so it would be surprising if it were still reproducible. I found a different bug though:

After logging in successfully, instead of returning to enwiki as User2, I'm still on auth.wikimedia.org, seeing the login form with an extra warning, "You are already logged in as User2." (I'm indeed logged in.) On enwiki, I'm still logged in as User1 (unsurprising, since login got interrupted).

...couldn't reproduce it though, maybe just the usual tokenstore loss?

Anyway, pretty sure the issue described in this task is not relevant anymore.