Noticed this while digging into another bug. In beta, users are not created on loginwiki. So cross-project login isn't working.
The odd thing that I think is happening is that the browser isn't getting all of the cookies that the wiki is setting. Maybe a Varnish issue?
In the beta logs, I see the user is redirected to loginwiki:
0.1661 4.2M Start request GET /wiki/Special:CentralLogin/start?token=b4bac89e539642795df51e425a974ffc
HTTP HEADERS:
HOST: login.wikimedia.beta.wmflabs.org
And then (as it should), loginwiki sets the user's cookies:
loginwiki-9c1ccc4f: 0.1995 8.8M [cookie] setcookie: "centralauth_Session", "aa2442f2d2e716dc89eb16d1f89f3cfe", "0", "/", "", "", "1"
loginwiki-9c1ccc4f: 0.2004 8.8M [cookie] setcookie: "centralauth_User", "TestBug16864'7", "1396574220", "/", "", "", "1"
loginwiki-9c1ccc4f: 0.2006 8.8M [cookie] setcookie: "centralauth_Token", "", "1393895820", "/", "", "", "1"
However, in my browser, the only Set-Cookie header is:
Set-Cookie centralauth_Session=aa2442f2d2e716dc89eb16d1f89f3cfe; path=/; httponly; GeoIP=US:Santa_Clara:37.3541:-121.9552:v4; path=/
When the AutoLogin code runs, loginwiki then has:
0.1973 4.2M Start request GET /wiki/Special:CentralAutoLogin/refreshCookies?type=1x1&wikiid=enwiki&proto=http
HTTP HEADERS:
HOST: login.wikimedia.beta.wmflabs.org
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
ACCEPT: image/png,image/*;q=0.8,*/*;q=0.5
ACCEPT-LANGUAGE: en-US,en;q=0.5
DNT: 1
REFERER: http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Main_Page&gettingStartedReturn=true
COOKIE: GeoIP=US:Santa_Clara:37.3541:-121.9552:v4; centralauth_Session=aa2442f2d2e716dc89eb16d1f89f3cfe
X-VARNISH: 497335809, 1267638667
X-FORWARDED-FOR: 50.136.233.16, 127.0.0.1
ACCEPT-ENCODING: gzip
loginwiki-8577f040: 0.1980 4.2M CACHES: MemcachedPhpBagOStuff[main] MemcachedPhpBagOStuff[message] MemcachedPhpBagOStuff[parser]
loginwiki-8577f040: 0.2054 5.0M LocalisationCache: using store LCStoreCDB
loginwiki-8577f040: 0.2084 5.5M Fully initialised
loginwiki-8577f040: 0.2148 5.8M CentralAuthHooks::onUserLoadFromSession: no User cookie, so unable to check for session mismatch
So no session because the centralauth_User cookie is missing.
Version: unspecified
Severity: major
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=62001