Page MenuHomePhabricator

centralauth_Token only set for local wiki on login
Closed, ResolvedPublic

Description

When a user logs in, and they have checked "Keep me logged in", and they have a global user, the centralauth_Token cookie is only set for the wiki where they are logging in. It is not set for loginwiki, or any of the other SUL wikis.

So the user will be logged out of all the other SUL wikis except the one where they logged in, if they close their browser and then return.

I think we should also set it on loginwiki, so that they will be logged in centrally for 30 days. Other attached wikis can rely on the login check to log them in.


Version: unspecified
Severity: normal

Details

Reference
bz51644

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 1:47 AM
bzimport set Reference to bz51644.
bzimport added a subscriber: Unknown Object (MLST).

I remember this has been working before.
Why was this changed in the first place?

Change 74682 had a related patch set uploaded by Anomie:
Have Special:CentralAutoLogin honor "Keep me logged in"

https://gerrit.wikimedia.org/r/74682

(In reply to comment #1)

I remember this has been working before.
Why was this changed in the first place?

Considering that all the auto-login logic and a fair bit of the regular login logic had to be rewritten, and in fact were rewritten several times during the development process as constraints shifted, chances are it was accidental.

Change 74682 merged by jenkins-bot:
Have Special:CentralAutoLogin honor "Keep me logged in"

https://gerrit.wikimedia.org/r/74682

Change is merged now, but leaving this open for the moment since this should probably be backported to wmf10 and wmf11, instead of waiting for wmf12.

Change 75251 had a related patch set uploaded by Anomie:
Have Special:CentralAutoLogin honor "Keep me logged in"

https://gerrit.wikimedia.org/r/75251

Change 75251 merged by jenkins-bot:
Have Special:CentralAutoLogin honor "Keep me logged in"

https://gerrit.wikimedia.org/r/75251

Change 75261 had a related patch set uploaded by Anomie:
Update CentralAuth to fix bug 51644

https://gerrit.wikimedia.org/r/75261

Change 75262 had a related patch set uploaded by Anomie:
Update CentralAuth to fix bug 51644

https://gerrit.wikimedia.org/r/75262

Change 75261 merged by Anomie:
Update CentralAuth to fix bug 51644

https://gerrit.wikimedia.org/r/75261

Change 75262 merged by Anomie:
Update CentralAuth to fix bug 51644

https://gerrit.wikimedia.org/r/75262