Logging into desktop Commons does not also log you into mobile Commons. Logging into mobile Commons does not also log you into desktop Commons. Authentication sharing between mobile and desktop versions of the other projects seems to work fine.
Steps to reproduce:
Expected result: You are still logged in
Actual result: You are not logged in
| Project | Branch | Lines +/- | Subject | |
|---|---|---|---|---|
| mediawiki/extensions/CentralAuth | master | +2 -0 | Mark centralautologin for mobile |
We can't set the cookie for *.wikimedia.org since there are private wikis on that domain. That's why we individually login to each of the public wikimedia.org domains.
In this case though, it should be similar to the case where 3rd-party cookies are disabled, and the attempt to set the user's cookies on login fails. In that case, when the user gets to the site, and doesn't have any cookies, they should get an image / javascript that attempts to log them in to the current wiki if they are logged in to loginwiki (see the isAnon() code in CentralAuthHooks::onBeforePageDisplay() for the code). If that isn't working on the mobile site, then that's an entire issue that needs to be addressed.
@Jdlrobson, is this working now? My last comment was, "If that isn't working on the mobile site, then that's an entire issue that needs to be addressed." And it would need to be addressed in mobile frontend. Just want to make sure you're not waiting on CentralAuth to fix this.
Sorry I binge bug triaged and yes you're right nope.. still not working and I missed your last message. I'm not clear what isn't happening here. Maybe @kaldari has some ideas
No worries!
CentralAuthHooks::onBeforePageDisplay() tries in two ways to auto-login anonymous users the first time they hit a page while logged out.
$out->addModules( 'ext.centralauth.centralautologin' );
loads the javascript version. Then we add a fallback <noscript> element with a 1x1 image (pointing at Special:CentralAutoLogin/start, with a bunch of other parameters) that does the handshake.
If either/both of those are being stripped by MobileFrontend, then the autologin won't work. The javascript also assumes that the skin is Vector, so that might be failing too.
There's your bug then - ext.centralauth.centralautologin needs to set 'targets' => array( 'desktop', 'mobile' ) on its ResourceLoader module definition.
@Jdlrobson, adding 'target' => array( 'desktop', 'mobile' ) is easy enough, but the autologin script eventually loads in
which looks like it is going to fail on mobile. The user will be logged in one the browser actually downloads that javascript and has the cookies set, but the user won't get a notification.
Can you help with updating autologin.js to handle both mobile or desktop? Or is there someone else on mobile who would be better for that?
Add the targets and add me as a reviewer and I'll merge
I ran the autologin script on mobile and it doesn't do anything catastrophic to the UI.
Even though it doesn't update the ui to look like the user is logged in, since mobile is more JavaScripty than desktop this would probably be a bad experience anyway - it wouldn't show Echo notifications for some reason.
I think it's better to force the user to reload anyway - the notification message shows so we're good to go there.
Change 205771 had a related patch set uploaded (by CSteipp):
Mark centralautologin for mobile