Odd. Can you provide a screenshot (including the URL bar)?

https://imageshack.us/a/img835/4162/ydan.png

As you can see, it's vector without any of my custom js. Earlier today, I had it happen even on Meta, with myself being shown as logged out until I refreshed :S

Created attachment 12945
Screenshot of post-login notification in the wrong skin advising the user to refresh

Attached:

For reference: centralauth-centralautologin-logged-in is the relevant MediaWiki message and SpecialCentralAutoLogin.php is the relevant PHP file that uses it (cf. https://git.wikimedia.org/blob/mediawiki%2Fextensions%2FCentralAuth.git/dcf1d2c3e7459b2de101941dbd4235acd858172b/specials%2FSpecialCentralAutoLogin.php).

I'm not quite sure whether there's a bug here or if this is expected behavior.

That will happen if the code that runs after the initial login can't set the necessary cookies on all the other domains. It's better than how things used to be if the cookies couldn't be set; before you'd have to manually log in on every wiki instead of just reloading.

The way things work now: You log in, it redirects you to login.wikimedia.org, then redirects you back, then redirects you to the page that used to be the "return to" link. I guess this part is all working properly for you, since the JS message you're getting depends on that much.

Then, in the footer of that returned-to page, it injects a number of 1x1 pixel images to set the cookies for the other domains. These redirect between the other domain and loginwiki a few times before finally setting the cookie. Presumably something about that is failing.

• Do you have anything installed that blocks "web bugs"? For example, I see an Adblock Plus icon in your screenshot, which may be configured to do this.
• Can you check that these images are actually present? Search the page source for "1x1".
• If you know how to use something like Firefox's Live HTTP Headers addon,[1] capture the headers for a load of one of those images. If you do so, please redact the values of the various *_Token and *_Session cookies before posting the captured headers.
• A final possibility is that your browser is refusing to set the third-party cookies from the images, even if you've visited the third-party site before.

[1]: https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/

These are all hours after I actually login, and multiple times during a day on the same wiki (Metawiki, which is the one I usually work on). I mean, it's not like I login, and run into this. I get them at random times all thru ought the day. Will try to get you Headers data and the rest of the required info. I don't think Adblock would do that, as it is in its default config iirc. More likely to be https://addons.mozilla.org/en-US/firefox/addon/donottrackplus/ .

(In reply to comment #6 by Snowolf)

Will try to get you Headers data and the rest of the required info

Snowolf: Did you have luck / time to do that?

(In reply to comment #6 by Snowolf)

Will try to get you Headers data and the rest of the required info

Snowolf: Did you have luck / time to do that?

Snowolf: Still an issue, or obsolete? Can you provide more info?

Snowolf: Still an issue, or obsolete? Can you provide more info?

I think it's obsolete, I haven't run into it in ages.