[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Page MenuHomePhabricator
Create Task
Maniphest T258121

Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout)
Closed, DeclinedPublic
Actions

Description

If you experience this, please post the name and version of your browser, whether you have used the desktop or mobile site, whether you have checked the "keep me logged in" option, a screenshot of https://samesite-sandbox.glitch.me/ and the name and the first 4-5 characters of the value for all the cookies with "session" or "token" in their name (but no more than that, the full string would give others access to your account!). (see how) Also, if you remember what exact navigation steps led you to that error screen, that would be helpful.

On login, some people get the sessionfailure message:

image.png (177×309 px, 9 KB)

Like T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout), it seems to be related to the presence of old cookies somehow. Going incognito or clearing cookies helps.

Related Objects
Search...

Event Timeline

SRuizR created this task.Jul 16 2020, 1:01 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 16 2020, 1:01 AM
Tgr added projects: MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager.Jul 16 2020, 1:05 AM
Tgr subscribed.

Could you provide more details of what you are doing and what happens?

Also, could you share a screenshot of what you see here?

SRuizR added a comment.Jul 16 2020, 1:14 AM

I'm in Special:UserLogin, I put my password and press Log In, but when I press Log In it doesn't respond and shows the message in MediaWiki:Sessionfailure. Here's the screenshot of the SameSite thing.

Requested screenshot bug report.png (488×921 px, 41 KB)

Tgr added a comment.Jul 16 2020, 1:23 AM

What browser and OS are you using? Any special settings (third-party cookie blocking, some privacy extension)?

SRuizR added a comment.Jul 16 2020, 1:26 AM

My OS is Windows 7 my browser is Google Chrome. I don't have any cookie blocking or privacy extension.

Tgr renamed this task from Wikipedia log in problem to Logging in on Wikipedia fails with 'sessionfailure' error.Jul 16 2020, 1:35 AM
Tgr added a comment.Jul 16 2020, 1:45 AM

You are using the desktop site, right? Can you do another login attempt and provide the exact time when you did it? Can you retry in incognito mode (with "Block third-party cookies" disabled)? If you have an alternative account, can you retry with that?

SRuizR added a comment.Jul 16 2020, 1:56 AM

Yes, I'm with the desktop site. I tried with my alternative account SRuizR777 in incognito mode at 1:50 UTC. Surprisingly it worked. I tried with my main account SRuizR in incognito mode at 1:52 UTC and it also worked.

At 1:55 UTC I tried out of incognito and it didn't work.

SRuizR added a comment.Jul 16 2020, 2:43 AM

Nevermind, I restarted my computer and now it's working. Kind regards.

SRuizR closed this task as Invalid.Jul 16 2020, 2:43 AM
Tgr added a comment.Jul 16 2020, 1:31 PM

Thanks! Please reopen if you see this again; we made some changes to the login system, in response of a change in browser behavior (which is rolled out this week and next) so we are very interested in reports of errors (although I'd mostly expect them to happen around cross-wiki login, not direct login).

Tgr merged a task: T258148: Can't login - "There seems to be a problem with your login session".Jul 16 2020, 4:55 PM
Tgr added subscribers: Samwalton9-WMF, alaa.
Tgr reopened this task as Open.EditedJul 16 2020, 4:59 PM

Reopening, happened to another person so clearly not a fluke. Seems to be related to the presence of old cookies. (Maybe the SameSite=None and the legacy cookie getting out of sync?) If you experience this, please post the name and version of your browser, a screenshot of https://samesite-sandbox.glitch.me/ and the first 4-5 characters of all the cookies with "session" or "token" in their name (but no more than that, the full string would give others access to your account!). Also, if you remember what exact navigation steps led you to that error screen, that would be helpful.

T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout) seems also related to the presence of old cookies somehow.

Tgr renamed this task from Logging in on Wikipedia fails with 'sessionfailure' error to Logging in to a wiki sometimes fails with 'sessionfailure' error.Jul 16 2020, 5:08 PM
Tgr updated the task description. (Show Details)
Tgr mentioned this in T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout).
Tgr updated the task description. (Show Details)Jul 16 2020, 5:37 PM
Tgr mentioned this in T256525: Stay logged in doesn’t work, global login doesn’t work on different projects.Jul 16 2020, 5:41 PM
alaa added a comment.Jul 16 2020, 6:01 PM
This comment was removed by alaa.
alaa added a comment.EditedJul 16 2020, 6:10 PM

name and version of your browser, whether you have used the desktop or mobile site

Desktop - Google chrome 83.0.4103.116

checked the "keep me logged in" option

No

a screenshot of https://samesite-sandbox.glitch.me/ and the name and the first 4-5 characters of the value for all the cookies with "session" or "token" in their name

Maybe it'll not help you now? as I faced it on 2:11 p.m. today. I can't log in through arwiki and enwiki, then I tried through metawiki, so I can log in through metawiki only, and when enter arwiki/enwiki the unified login not work, and I'd log in again through each project alone. So I asked through IRC, and directed me to T258148. I read on it I cleared the cookied for wikipedia.org and was able to login again, so I cleared cookies then restarted the browser. Then all back work fine!

Tgr renamed this task from Logging in to a wiki sometimes fails with 'sessionfailure' error to Logging in to a wiki sometimes fails with 'sessionfailure' error (coinciding with SameSite rollout).Jul 17 2020, 10:39 AM
Tgr mentioned this in T255179: Session failures ("invalid CSRF token") preventing edits, login, logout, etc due to kask outage.
zeljkofilipin mentioned this in T249450: Getting Login Session Error when running tests with Cypress.Jul 20 2020, 9:39 AM
RoySmith subscribed.Jul 20 2020, 7:22 PM
mdaniels5757 subscribed.Jul 24 2020, 4:42 PM
Tgr added a parent task: T255366: SameSite cookie issues.Aug 1 2020, 12:25 PM
Daimona merged a task: T259788: Unable to log into it.wp or wikidata: 'There has been a problem in the session that identifies access; the system did not execute the command given as a precaution. Resubmit the form'.Aug 6 2020, 2:39 PM
Daimona added a subscriber: Sfoltito.
Daimona subscribed.
Sfoltito added a comment.Aug 9 2020, 6:46 PM

@Aklapper I finally managed to log in, in practise it was my not-updated browser; the current version is 12.1.1.36. Thank you for your time.

Bugreporter merged a task: T262123: SUL will not log me in to some WMF projects.Sep 5 2020, 9:45 AM
Bugreporter added a subscriber: Koavf.
Tgr mentioned this in T263888: Unable to login on sourcewiki - `sessionfailure`.Sep 26 2020, 12:47 AM
DannyS712 subscribed.Oct 2 2020, 1:05 AM
RAN1 subscribed.Nov 6 2022, 4:19 PM

I found steps to reproduce this on Firefox 106.0.5 (Release):

  1. At about:config, set javascript.enabled to false
  2. Log in at https://en.wikipedia.org/wiki/Special:UserLogin
  3. Load https://commons.wikimedia.org/wiki/Special:UserLogin

Autologin never happens, and attempts to log in through the form cause sessionfailure. The Special:CentralAutoLogin GETs (checkLoggedIn, createSession, validateSession and setCookies) all occur as they do with JavaScript on.

matmarex closed this task as Declined.Nov 28 2023, 10:13 PM
matmarex subscribed.

There's nothing we can do today about this bug from 3 years ago now. Any logs we had have long since been deleted, and any faulty cookies would have expired after at most a year.

But we understand these kinds of issues better these days (problems which are caused by cookies being set with identical names but different parameters), and if you run into anything like that today, please file a task, and we'll try to do better this time – on the MediaWiki-Platform-Team we have been working on login issues recently and we would like to investigate any new problems.

@RAN1 Your problem was probably something different. If you still see that, please file a task, and we'll look into it.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits