Closed Bug 1774861 Opened 3 years ago Closed 2 years ago

Unable to login on miraheze wikis (mediawiki 1.38) with ETP - Standard Enabled

Categories

(Core :: Privacy: Anti-Tracking, defect, P2)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: rhinosf1, Unassigned)

Details

Environment:
Browser / Version: not yet known
Operating System: not yet known

Prerequisites:
MediaWiki 1.38 with CentralAuth

Steps to Reproduce:

  • attempt to login to meta.miraheze.org with Total Cookie Protection

Expected Behavior:

  • login works

Actual Behavior:

  • session fails to create and throws error

Notes:
Downstream report at https://phabricator.miraheze.org/T9403#190376

Firefox 101.0.1 on Windows 11 is from the user report

Thanks for filing a bug!
Are you sure this is Total Cookie Protection related? I've tried it on Firefox release 101.0.1 (Ubuntu) with TCP disabled and the login still fails. However it seems to fail intermittently.

Could you try it with network.cookie.cookieBehavior set to 4 (TCP off) via about:config to see if the issue still occurs?

Freddy, could this be samesite-lax breakage? I can see console warnings about it when I log into meta.miraheze.org
"Some cookies are misusing the recommended “SameSite“ attribute "

Flags: needinfo?(rhinosf1)
Flags: needinfo?(fbraun)

There are also some cookie errors like Cookie “centralauth_ss0-User” has been rejected for invalid domain. which might cause this.

Hi Paul,

I was advised by the user that disabling TCP fixed the issues.

We've not had too many reports so it may not be TCP.

Could you advise on how we might be able to isolate the actual cause? We are using the same setup as Wikimedia but with the latest stable release.

You can find our MediaWiki repo and config at github.com/miraheze if it helps.

Flags: needinfo?(rhinosf1)
Severity: -- → S3
Priority: -- → P2

Can you take a look, Tom?

Flags: needinfo?(fbraun) → needinfo?(tschuster)

I think this login portal doesn't work reliably in any browser or version. I got it to work once with Chrome 103, but then I got "No active login attempt is in progress for your session." again the next time. It doesn't work with Firefox 99 either.

RhinosF1 can you check if there is some intermittent problem on the server side?

Flags: needinfo?(tschuster) → needinfo?(rhinosf1)

(On the MediaWiki side of things, https://www.mediawiki.org/wiki/Manual:How_to_debug/Login_problems might come handy.)

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(rhinosf1)
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.