Anonymous data should not be in the authenticated store
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Assigned To

Authored By

	DAlangi_WMF
	Oct 7 2025, 10:02 AM

Description

Error

mwversion: 1.45.0-wmf.21
reqId: d5bc92a6-67e8-4821-aa37-66b6b5097f59
Find reqId in Logstash

normalized_message

Anonymous data should not be in the authenticated store

Frame	Location	Call
from	/srv/mediawiki/php-1.45.0-wmf.21/includes/session/MultiBackendSessionStore.php(231)
#0	/srv/mediawiki/php-1.45.0-wmf.21/includes/session/SessionManager.php(646)	MediaWiki\Session\MultiBackendSessionStore->get(MediaWiki\Session\SessionInfo)
#1	/srv/mediawiki/php-1.45.0-wmf.21/includes/session/SessionManager.php(602)	MediaWiki\Session\SessionManager->loadSessionInfoFromStore(MediaWiki\Session\SessionInfo, MediaWiki\Request\WebRequest)
#2	/srv/mediawiki/php-1.45.0-wmf.21/includes/session/SessionManager.php(150)	MediaWiki\Session\SessionManager->getSessionInfoForRequest(MediaWiki\Request\WebRequest)
#3	/srv/mediawiki/php-1.45.0-wmf.21/includes/Request/WebRequest.php(874)	MediaWiki\Session\SessionManager->getSessionForRequest(MediaWiki\Request\WebRequest)
#4	/srv/mediawiki/php-1.45.0-wmf.21/includes/Setup.php(516)	MediaWiki\Request\WebRequest->getSession()
#5	/srv/mediawiki/php-1.45.0-wmf.21/includes/WebStart.php(86)	require_once(string)
#6	/srv/mediawiki/php-1.45.0-wmf.21/index.php(50)	require(string)
#7	/srv/mediawiki/w/index.php(3)	require(string)
#8	{main}

Impact

Over 1K log entries in the last 7 days.

Notes

Details

Request URL: https://www.wikidata.org/wiki/Special:CentralAutoLogin/start?from=*&type=*&useformat=*&usesul3=*

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	session: Avoid logging in session store if UserInfo is available	mediawiki/core	master	+32 -23

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Resolved		JTweed-WMF	T398814 WE5.1.1 Session storage protection
Resolved		JTweed-WMF	T400372 Separate storage backend for anonymous sessions
Resolved		DAlangi_WMF	T402808 Deploy separate anonymous session backend to Wikimedia production, in log-only mode
Resolved	PRODUCTION ERROR	DAlangi_WMF	T406560 Anonymous data should not be in the authenticated store

Event Timeline

DAlangi_WMF created this task.Oct 7 2025, 10:02 AM

Restricted Application added a project: Wikimedia-production-error. · View Herald TranscriptOct 7 2025, 10:02 AM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

DAlangi_WMF moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.Oct 7 2025, 10:02 AM

DAlangi_WMF mentioned this in T405633: Session data is authenticated, should not be an anonymous user.Oct 7 2025, 10:14 AM

Tgr added a parent task: T402808: Deploy separate anonymous session backend to Wikimedia production, in log-only mode.Oct 7 2025, 7:47 PM

Change #1195029 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/core@master] session: Avoid logging in session store if UserInfo is available

https://gerrit.wikimedia.org/r/1195029

gerritbot added a project: Patch-For-Review.Oct 9 2025, 7:17 PM

Store is anonymous, but the user associated to the data is authenticated

from /srv/mediawiki/php-1.45.0-wmf.22/includes/session/MultiBackendSessionStore.php(216)
#0 /srv/mediawiki/php-1.45.0-wmf.22/includes/session/SessionManager.php(632): MediaWiki\Session\MultiBackendSessionStore->get(MediaWiki\Session\SessionInfo)
#1 /srv/mediawiki/php-1.45.0-wmf.22/includes/session/SessionManager.php(588): MediaWiki\Session\SessionManager->loadSessionInfoFromStore(MediaWiki\Session\SessionInfo, MediaWiki\Request\WebRequest)
#2 /srv/mediawiki/php-1.45.0-wmf.22/includes/session/SessionManager.php(136): MediaWiki\Session\SessionManager->getSessionInfoForRequest(MediaWiki\Request\WebRequest)
#3 /srv/mediawiki/php-1.45.0-wmf.22/includes/Request/WebRequest.php(860): MediaWiki\Session\SessionManager->getSessionForRequest(MediaWiki\Request\WebRequest)
#4 /srv/mediawiki/php-1.45.0-wmf.22/includes/Setup.php(502): MediaWiki\Request\WebRequest->getSession()
#5 /srv/mediawiki/php-1.45.0-wmf.22/includes/WebStart.php(72): require_once(string)
#6 /srv/mediawiki/php-1.45.0-wmf.22/index.php(36): require(string)
#7 /srv/mediawiki/w/index.php(3): require(string)
#8 {main}

We're satisfied with the logs so far, and we'll be closing this as resolved. The log messages have been changed anyway by If9c4a13f7e49349cf344e32a4f6e2714e9e44e3a (2ea77a739a39d9da255c88cd876e7baf49237ae8).

If any issues arise, we'll file new tasks and track from there. Even with the deployment to group2 today, we're having an average of about two occurrences (warnings) of this per minute, which sounds fine.

Change #1195029 abandoned by D3r1ck01: