
CentralAuth wrongly reports successful auto-login on mirrors
Closed, Resolved, Public

Description

Using e.g. google cache:

http://webcache.googleusercontent.com/search?q=cache:https://en.wikipedia.org/%3Ftitle%3DMs.+

It pops up "You are centrally logged in. Reload the page to apply your user settings." every time but this is obviously not true. I don't know what it did, but it didn't establish a meaningful session.

I don't know if it is feasible to prevent the auto-login attempt when it isn't useful. But at least we shouldn't report that it succeeded when it didn't.
Possibly related:

Event Timeline

Krinkle raised the priority of this task from to Needs Triage.
Krinkle updated the task description.
Krinkle subscribed.

Duplicate / generalization of https://phabricator.wikimedia.org/T57887?

T100413 is related in that we see this effect when the autologin script is run on a domain that doesn't map to a wiki id, which is currently the case for *.m.* domains at the WMF.

It would be less efficient, but we could load the personalization message via xhr, so only CORS domains could load it. I think we've talked about that previously, but I don't recall the outcome.

It would be less efficient, but we could load the personalization message via xhr, so only CORS domains could load it. I think we've talked about that previously, but I don't recall the outcome.

I don't recall that either, but I imagine one issue there is that we support a superset of browsers that support CORS. Though we can fall back to current behaviour in that case (using e.g. bool $.support.cors). Can you elaborate on what we'd use CORS for exactly?
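
The XHR/CORS approach raised in the comments above, as an added example that is not CentralAuth code and not written by anyone in this thread. The endpoint URL, the `loggedIn`/`user` response fields, the origin allow-list and all function names are assumptions; `simulatedFetch` stands in for the browser so the block runs offline.

```javascript
// Added example: every name below is hypothetical, not CentralAuth's API.
// Constructed allow-list of origins that map to a wiki.
const ALLOWED_ORIGINS = new Set([
  'https://en.wikipedia.org',
  'https://commons.wikimedia.org',
]);

// Server side: CORS headers for the (hypothetical) autologin status endpoint.
// Credentialed responses need the exact origin echoed back; browsers reject
// '*' combined with Access-Control-Allow-Credentials.
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return {}; // no CORS headers: the browser withholds the response
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Client side: notify only when the response was readable and confirms a
// session. fetchImpl is injectable so the logic can be exercised offline.
async function checkAutologin(statusUrl, fetchImpl = fetch) {
  let response;
  try {
    response = await fetchImpl(statusUrl, { mode: 'cors', credentials: 'include' });
  } catch (e) {
    return { notify: false, reason: 'blocked' }; // CORS block or network error
  }
  if (!response.ok) return { notify: false, reason: 'http-error' };
  const body = await response.json().catch(() => null);
  if (!body || body.loggedIn !== true) return { notify: false, reason: 'no-session' };
  return { notify: true, user: body.user };
}

// Offline stand-in for the browser: applies the server's decision for a page
// served from pageOrigin and rejects the way fetch() does on a CORS failure.
function simulatedFetch(pageOrigin, session = { loggedIn: true, user: 'Example' }) {
  return async () => {
    if (corsHeadersFor(pageOrigin)['Access-Control-Allow-Origin'] !== pageOrigin) {
      throw new TypeError('Failed to fetch');
    }
    return { ok: true, json: async () => session };
  };
}
```

A page served from a mirror origin such as `http://webcache.googleusercontent.com` gets `{ notify: false, reason: 'blocked' }`, so no success message is shown there.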

Change 965729 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Remove success notification when we can't get autologin response

https://gerrit.wikimedia.org/r/965729

Change 965729 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Remove success notification when we can't get autologin response

https://gerrit.wikimedia.org/r/965729

matmarex claimed this task.