Page MenuHomePhabricator
Create Task
Maniphest T403899

Top-level autologin does not fully work for temporary accounts
Open, Needs TriagePublic
Actions

Description

Top-level autologin does not fully work for newly created temporary accounts, even when it works for a normal account on the same browser.

Steps to reproduce:

  • Edit a page without logging in on test.wikipedia.org (in a browser that blocks edge login and subrequest autologin but not top-level autologin, such as Chrome in incognito mode)
  • Navigate to en.wikiversity.org
  • Click Login
  • Instead of getting logged in, you end up on the login page. However, if you press the browser's back button, you are logged in.

The top-level autologin sequence looks normal; it ends in the /setCookies step with X-Centralauth-Status: success, and all the session cookies are set correctly. Special:CentralAutoLogin then redirects back to Special:UserLogin, which deletes the CentralAuthAnonTopLevel cookie (as it would on success), but then redirects to the central login domain.

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits