
login when already logged in gets exception from Special:CentralLogin
Closed, Resolved (Public)

Description

I'm used to entering the URL https://<host>/wiki/Special:UserLogin to log in with a different username. It would warn "You are already logged in as S Page (WMF). Use the form below to log in as another user." and let me do just that.

However, now when I do this on beta labs when I'm already logged in, I get a 302 redirect and then Internal error exception from http://en.wikipedia.beta.wmflabs.org/wiki/Special:CentralLogin/complete?token=921d7ed90f5b780db73c89673f1bb6d6 "The user account logged into does not exist." The full display is below.

The workaround is to click Log out or visit Special:Logout, then log in.
As I recall, visiting Special:UserLogin while logged in on mediawiki.org a week or so ago would just redirect me to the main page (not ideal but better than an exception); but now I'm getting the same Internal error exception except the production cluster truncates it to a pink "[7ed77f38] 2014-08-21 08:02:15: Fatal exception of type MWException".

Below is the full error display on beta labs:

[82d43ccf] /wiki/Special:CentralLogin/complete?token=921d7ed90f5b780db73c89673f1bb6d6 Exception from line 167 of /srv/common-local/php-master/extensions/CentralAuth/specials/SpecialCentralLogin.php: The user account logged into does not exist.

Backtrace:

#0 /srv/common-local/php-master/extensions/CentralAuth/specials/SpecialCentralLogin.php(33): SpecialCentralLogin->doLoginComplete(string)
#1 /srv/common-local/php-master/includes/specialpage/SpecialPage.php(363): SpecialCentralLogin->execute(string)
#2 /srv/common-local/php-master/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(string)
#3 /srv/common-local/php-master/includes/MediaWiki.php(300): SpecialPageFactory::executePath(Title, RequestContext)
#4 /srv/common-local/php-master/includes/MediaWiki.php(609): MediaWiki->performRequest()
#5 /srv/common-local/php-master/includes/MediaWiki.php(460): MediaWiki->main()
#6 /srv/common-local/php-master/index.php(46): MediaWiki->run()
#7 /srv/common-local/w/index.php(3): include(string)
#8 {main}


Version: master
Severity: major
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=69565

Details

Reference
bz69834

Event Timeline

bzimport raised the priority of this task from to High. (Nov 22 2014, 3:31 AM)
bzimport set Reference to bz69834.
bzimport added a subscriber: Unknown Object (MLST).

It is pretty confusing when you go to https://en.wikipedia.org/wiki/Special:UserLogin?useNew=1 (being already logged in) and all you get is "[d1aecbd5] 2014-08-23 15:16:17: Fatal exception of type MWException" on a white page.

Raising priority.

I think this was caused by Idd9325374cb5dc13c4c057f45f88a33bdff523a9. There have been no CA changes related to this except my patch changing the fatal into a MWException (I2488e1fd3109ce66c2cb42d9afc78097f2b7313d).

A white screen of death on the login page is more than normal priority, even if it only happens when you're already logged in.

(In reply to spage from comment #0)

> As I recall, visiting Special:UserLogin while logged in on mediawiki.org a
> week or so ago would just redirect me to the main page (not ideal but better
> than an exception);

This is the new expected behavior. Specifically, it redirects you to the returnto, and the main page is the default returnto if another one is not specified in the query string.

(In reply to Andre Klapper from comment #1)

> It is pretty confusing when you go to
> https://en.wikipedia.org/wiki/Special:UserLogin?useNew=1 (being already
> logged in) and all you get is "[d1aecbd5] 2014-08-23 15:16:17: Fatal
> exception of type MWException" on a white page.

Just to avoid confusion, useNew was temporary and removed quite a while ago (except for some outdated qqq that crept back in; I just uploaded a patch to fix). It has no effect and is unrelated to this bug.

(In reply to Kunal Mehta (Legoktm) from comment #2)

> I think this was caused by Idd9325374cb5dc13c4c057f45f88a33bdff523a9. There
> have been no CA changes related to this except my patch changing the fatal
> into a MWException (I2488e1fd3109ce66c2cb42d9afc78097f2b7313d).

If S is right that it redirected to the main page before in WMF production ("As I recall...") that indicates the bad CentralAuth interaction is more recent. I personally can't confirm this, so I don't remember if I tested this behavior in production.

(In reply to spage from comment #0)

> As I recall, visiting Special:UserLogin while logged in on mediawiki.org a
> week or so ago would just redirect me to the main page (not ideal but better
> than an exception); but now I'm getting the same Internal error exception
> except the production cluster truncates it to a pink "[7ed77f38] 2014-08-21
> 08:02:15: Fatal exception of type MWException".

If I go to https://www.mediawiki.org/wiki/Special:UserLogin I will be redirected to the main page? No exception there (but in other projects, like en.wiki)

On betalabs I get redirected to the main page, too.

*** Bug 69947 has been marked as a duplicate of this bug. ***

So the cause is Idd9325374cb5dc13c4c057f45f88a33bdff523a9, and this code:

    /*
     * In the case where the user is already logged in, do not show the login page.
     * The use case scenario for this is when a user opens a large number of tabs, is
     * redirected to the login page on all of them, and then logs in on one, expecting
     * all the others to work properly.
     */
    if ( $this->mType !== 'signup' && !$this->mPosted && $this->getUser()->isLoggedIn() ) {
        $this->successfulLogin();
    }

CentralAuth hooks UserLoginComplete from successfulLogin, which redirects through loginwiki's Special:CentralLogin/start and /complete.

I think the exception is happening because it tries to get the username out of $_SESSION, but since the user logged in a while ago, and

    echo ini_get( 'session.gc_maxlifetime' );
    1440

we only keep sessions around server side for 24 minutes, the username from $_SESSION is probably null, so the exception is triggered.

Tyler, can you explain the use case you put in that comment? I'm not sure I follow why that is needed. We can probably flag CentralAuth not to redirect if we have to, but I'm trying to understand the whole picture.

I am experiencing this. I am getting "[fe654767] 2014-09-03 05:20:50: Fatal exception of type MWException", even after I try Special:UserLogout then try to log back in. When I try to edit, I get the normal logged out IP traced banner. Any ideas?

Easy/quick/hackish fix in CentralAuth is to check in the onUserLoginComplete function that $wgRequest->wasPosted() === false, and not start the central login process if that's the case.

I wonder if we should even be triggering the UserLoginComplete hook if the user wasn't actually newly logged in.
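The failure explained above and the POST guard proposed for CentralAuth, modelled as a stand-alone PHP script. This is an added example, not code from the thread, MediaWiki or CentralAuth; the function names, the `pendingName` session key and the sample data are assumptions made for illustration.

```php
<?php
// Stand-alone model; not MediaWiki or CentralAuth code. All names are hypothetical.

const GC_MAXLIFETIME = 1440; // session.gc_maxlifetime quoted in the thread (24 minutes)

// Server-side session lookup: data older than GC_MAXLIFETIME is treated as collected.
function loadSession( array $stored, int $now ): array {
	return ( $now - $stored['createdAt'] > GC_MAXLIFETIME ) ? [] : $stored['data'];
}

// Stand-in for the central login completion step, which needs the user name
// that a real login left in the session.
function completeCentralLogin( array $session ): string {
	if ( !isset( $session['pendingName'] ) ) {
		throw new RuntimeException( 'The user account logged into does not exist.' );
	}
	return 'central login completed for ' . $session['pendingName'];
}

// Stand-in for the login-complete hook handler. With $guard on, it applies the
// check proposed in the thread: skip central login unless the form was POSTed.
function onLoginComplete( bool $wasPosted, array $session, bool $guard ): string {
	if ( $guard && !$wasPosted ) {
		return 'central login skipped; redirect to returnto';
	}
	return completeCentralLogin( $session );
}

// Constructed sample data: a session written by a login at t = 0.
$stored = [ 'createdAt' => 0, 'data' => [ 'pendingName' => 'ExampleUser' ] ];

// Constructed requests: [ label, POSTed?, seconds since login ]
$requests = [
	[ 'login form submitted (POST)', true, 5 ],
	[ 'logged-in visit to login page (GET)', false, 1800 ],
];

foreach ( [ false, true ] as $guard ) {
	foreach ( $requests as [ $label, $posted, $age ] ) {
		try {
			$out = onLoginComplete( $posted, loadSession( $stored, $age ), $guard );
		} catch ( RuntimeException $e ) {
			$out = 'exception: ' . $e->getMessage();
		}
		printf( "guard=%-3s | %-36s | %s\n", $guard ? 'on' : 'off', $label, $out );
	}
}
```

Only the GET with a stale session changes outcome when the guard is switched on; the POSTed login completes the central login in both runs.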

(In reply to Chris Steipp from comment #7)

> Tyler, can you explain the use case you put in that comment? I'm not sure I
> follow why that is needed. We can probably flag CentralAuth not to redirect
> if we have to, but I'm trying to understand the whole picture.

I mean, it says everything in the comment. Let's say a user has two tabs open, their watchlist and their preferences page. However, they have been logged out because of the session expiry. So when they open their browser, Special:Watchlist and Special:Preferences redirect them to the login page. The user logs in in just one of those pages, such that they can then just refresh all the other pages and have them auto-return to where they intended to go to.

*** Bug 70381 has been marked as a duplicate of this bug. ***

Change 158547 had a related patch set uploaded by CSteipp:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/158547

Patch got a +1 by legoktm; is more needed or can this get merged?

Change 158547 merged by jenkins-bot:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/158547

I was hoping someone else more familiar with auth stuff would look at it but I guess not. Flagging for backport...

(In reply to Kunal Mehta (Legoktm) from comment #9)

> I wonder if we should even be triggering the UserLoginComplete hook if the
> user wasn't actually newly logged in.

That sounds a little more future proof (and current-proof for other extensions) to me as well, FWIW. When you're already logged in, visiting the login page (even if you're then redirected to your returnto) is not really a UserLoginComplete.

You were already logged in, so you didn't just complete a login.

*** Bug 70660 has been marked as a duplicate of this bug. ***

Change 159491 had a related patch set uploaded by Reedy:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/159491

Change 159492 had a related patch set uploaded by Reedy:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/159492

Change 159491 merged by jenkins-bot:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/159491

Change 159492 merged by jenkins-bot:
Don't do central login if not POSTed

https://gerrit.wikimedia.org/r/159492

*** Bug 70666 has been marked as a duplicate of this bug. ***

Visiting "Special:UserLogin" on en.wp and test.wp now directly redirects me to the main page, no exception thrown.

[Backport was merged into 1.24wmf19 and 1.24wmf20 upon a time, hence setting Backport_WMF flag to +]