Being constantly logged out of the wiki

resolved

#1

I tried to edit https://wiki.restarters.net/Apple_miscellaneous but got the error message:

You do not have permission to edit this page, for the following reason:

The action you have requested is limited to users in the group: Users.

(@philip made my edits to that page)

It seems the problem is that I’m constantly logged out. Here’s how to reproduce this:

  1. Go to https://wiki.restarters.net/Apple_miscellaneous

  2. Go through the log in procedure (even ticking to keep me logged in). This works and the icon turns blue and shows an envelope beneath.

  3. Click on the home page. Still logged in.

  4. Click on the same page (‘Apple miscellaneous including OS X and Macs.’)
    I’m logged out with the grey icon.

So I suspect the issue is one of not being logged in rather than (or maybe as well as) being a member of the Users group.


#2

Sorry about that @Panda, thanks for reporting. I’ve logged an issue here and we’ll look into it: https://github.com/TheRestartProject/restarters.net/issues/107

I agree that it is probably the login issue, and not a permissions issue.


#3

Hi @Panda

When you first log in to the Wiki, could you see if the following cookies are set in your browser?

  • wiki_db_mw__session
  • wiki_db_mw_UserID
  • wiki_db_mw_UserName

Assuming they are, could you also let me know:

  • what values are set for wiki_db_mw_UserID and wiki_db_mw_UserName?
  • what is set for ‘Expires on’ on all three of those cookies?

#4

A few other things to help debug:

  • Does it happen in all browsers, or just one in particular?
  • Does it still happen if privacy plugins/adblockers are switched off?

I’ve tried with a test account in the same user group as your account, and could not create the issue.

Some extra things we can try are listed here also:

https://www.mediawiki.org/wiki/Manual:How_to_debug/Login_problems


#5

wiki_db_mw__session vlk73p7s0granfs5nc7k7p3jkh7pp8um wiki.restarters.net / Session 51 B ✓ ✓

wiki_db_mw_UserID 4 wiki.restarters.net / 27/07/2019, 23:09:10 18 B ✓ ✓

wiki_db_mw_UserName Panda wiki.restarters.net / 27/07/2019, 23:09:10 24 B ✓ ✓

However if I check the cookies when I’ve been logged out, out of these three cookies only this one remains:
wiki_db_mw_UserName Panda wiki.restarters.net / 27/07/2019, 23:19:12 24 B ✓ ✓

I’ve only tried with Safari on Mojave. [Update: I’ve just tried with Vivaldi and I remained logged in the Wiki and could edit a page, so this seems specific to Safari.]

Yes (I’ve switched content blockers off for wiki.restarters.net).

I wonder if it could be related to the ‘Prevent cross-site tracking’ and/or ‘Ask websites not to track me’ options. I disabled both and logged in and then Safari was working, but then I reenabled both, tried to enable one only and it didn’t work, and after disabling both it still doesn’t work. So it worked once while disabling these two options, but it does not appear to be reproducible so I’m unsure whether either/both these options have anything to do with this problem.


#6

Thanks @Panda - it seems like it could have something to do with the session cookie then - that is the one that determines whether you are logged in or not. When a cookie has its Expiry set to ‘Session’, that generally used to mean that it would expire when the browser is closed, but it does depend on how the particular browser chooses to treat it.

One possibility is that perhaps Safari on Mojave is choosing not to persist the session cookie - I’ll have a dig and see if there is any advice on that.

That said, it looks as if in MediaWiki you can change the lifespan of session cookies (https://www.mediawiki.org/wiki/Manual:$wgObjectCacheSessionExpiry), so I’ll try that too, as we probably want it to persist longer than the browser lifetime anyway.

(One interesting quirk though is that the UserID cookie also appears to have been cleared, even though that had a fixed expiry date.)
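
The comparison made in posts #5 and #6, as an added example that is not part of the original thread: it parses two cookie snapshots in the row layout pasted in post #5 and reports which cookies vanished and whether a dated cookie was removed before its expiry. The function names, the placeholder session value and the observation time are assumptions made for illustration.

```javascript
// Added example. Rows follow the column order pasted in post #5:
// name, value, domain, path, expires, size. All values are constructed.
const loggedIn = `
wiki_db_mw__session EXAMPLESESSIONID wiki.restarters.net / Session 51 B
wiki_db_mw_UserID 4 wiki.restarters.net / 27/07/2019, 23:09:10 18 B
wiki_db_mw_UserName Panda wiki.restarters.net / 27/07/2019, 23:09:10 24 B`;
const loggedOut = `
wiki_db_mw_UserName Panda wiki.restarters.net / 27/07/2019, 23:19:12 24 B`;

const ROW = /^(\S+)\s+(\S+)\s+(\S+)\s+(\/\S*)\s+(Session|(\d{2})\/(\d{2})\/(\d{4}), (\d{2}):(\d{2}):(\d{2}))\s/;

// Parse a snapshot into Map(name -> {expires, expiresAt}); expiresAt is null
// for a session cookie, otherwise a local-time Date.
function parseSnapshot(text) {
  const cookies = new Map();
  for (const line of text.split("\n")) {
    const m = ROW.exec(line.trim() + " ");
    if (!m) continue; // blank or unrecognised row
    const [, name, , , , expires, d, mo, y, h, mi, s] = m;
    const expiresAt = expires === "Session" ? null : new Date(+y, mo - 1, +d, +h, +mi, +s);
    cookies.set(name, { expires, expiresAt });
  }
  return cookies;
}

// Compare two snapshots taken at observedAt. A session cookie disappearing can
// be the browser's session handling; a dated cookie disappearing before its
// expiry means something removed it (a logout, the browser, or an extension).
function diagnose(before, after, observedAt) {
  const lost = [...before].filter(([name]) => !after.has(name));
  return {
    lost: lost.map(([name]) => name),
    sessionCookieLost: lost.some(([, c]) => c.expiresAt === null),
    clearedBeforeExpiry: lost
      .filter(([, c]) => c.expiresAt !== null && c.expiresAt > observedAt)
      .map(([name]) => name),
  };
}

// Constructed observation time, well before the dated cookies' expiry.
const report = diagnose(parseSnapshot(loggedIn), parseSnapshot(loggedOut),
                        new Date(2019, 5, 27, 23, 20, 0));
console.log(report);
```

A non-empty `clearedBeforeExpiry` is the quirk noted above: it points away from session-lifetime settings and towards something actively deleting cookies.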


#7

I also wonder if it is related to the ‘Prevent cross-site tracking’ setting. When testing I just randomly clicked to some of the wiki pages and back to the main page. So I have not knowingly done anything different in the one case that worked, but may have by chance. In particular as that setting has to do with preventing cross-domain cookies, would there be any path that goes out of the wiki.restarters.net domain? If that’s the case then that could be the issue.


#8

Main page - as in https://wiki.restarters.net/Main_Page, or https://restarters.net?

The path setting for the wiki cookies is set as / so that should work on all subpaths, I don’t think any pages would be amending it either. The domain should always be wiki.restarters.net.

I’m not sure exactly what the Prevent cross-site tracking setting does with regards to cookies. I think MediaWiki is only ever setting cookies on the domain it is installed on, so I wouldn’t have thought that counts as cross-site. But I don’t know all the ins and outs of it - will explore further, thanks.


#9

The former.

I haven’t looked in detail, but my understanding is that it prevents cookies being shared across domains.


#10

I believe I may have found the cause: the Official Wayback Machine Extension v2.1.3 for Safari.

Looking around the net for similar behaviour of Safari, it looked like extensions could be an issue (they all tend to inject JS in the pages). Disabling the Wayback Machine seems to fix the problem.

Also I can’t find a page on Web Archive for this extension, so it may have been abandoned. It is copyrighted 2017 and there have been a few versions of Safari since.

@neil apologies to have wasted your time with this bug, but considering that extension (or any of the few other ones I have installed) is not something I considered that could be related. I haven’t managed to be automatically logged out since disabling this extension in several attempts, so I’m pretty convinced this was the root cause.


#11

No problem @Panda, nice bit of detective work there!

Thanks very much for digging into the solution and letting us know. I’ll mark it as resolved but we can come back to it if it turns out not to be the Wayback Machine extension.


archived #12