Page MenuHomePhabricator
Create Task
Maniphest T363643

Logging into a different account does not work on Wikimedia wikis
Open, Needs TriagePublic
Actions

Description

Steps to reproduce:

  1. visit https://en.wikipedia.org/, log in (leave "keep me logged in" unchecked)
  2. visit https://login.wikimedia.org/, verify you are logged in centrally
  3. https://en.wikipedia.org/wiki/Special:Userlogin and log in as a different user
  4. visit https://login.wikimedia.org/ again to check your central session

Actual results: initially, the re-login on enwiki in step 3 will work, but in step 4 I'm logged out on loginwiki, and after that I'm logged out on enwiki as well.

Tested in Chrome 124 in incognito mode (with default setting, ie. no third-party cookie blocking).

Not sure if something changed on our side or in the browser support, but IIRC this used to work.

With "keep me logged in" checked, the local login will remain functional (which makes sense since it isn't dependent on having a valid session anymore) but the central one won't.

Event Timeline

Tgr created this task.Sun, Apr 28, 1:26 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptSun, Apr 28, 1:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Daimona subscribed.Sun, Apr 28, 2:12 PM
ArielGlenn subscribed.Sun, Apr 28, 3:01 PM

What third party cookie testing etc flags might you have enabled or disabled? Anything possibly interfering from there? I took a fresh install of Chrome, did the steps described, and at step 4 I was still logged in on loginwiki as the second user. Returning to en.wp after that, I was still logged in there as well. Chrome version 124, linux, not logged into Google or my WMF account when using the browser. I was in an incognito window, and the Privacy and Security settings say "Third-party cookies are blocked in Incognito mode".

Tgr added a comment.Sun, Apr 28, 4:20 PM

I'm using standard flags. Not blocking third-party cookies in incognito mode. So maybe it's caused by edge login somehow?
I can also reproduce it locally.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL