Last modified: 2013-03-15 16:44:32 UTC
I can reproduce this in Chrome 25 on desktop (using desktop Wikipedia, not mobile), with or without the incognito mode. I log in to English Wikipedia and I'm not logged in to Commons. * The images from various Special:AutoLogin always load. * I don't see a centralauth_Session cookie on Commons. * I don't see a commonswiki_session cookie either. I managed to reproduce it only using HTTP, but it seems it sometimes doesn't work on HTTPS for mobile users in production (we enforce HTTPS for logged in users on mobile and log an error when mobile users try to upload a photo but are not logged into Commons). It works (both for HTTP and HTTPS) on Firefox 19. There are also mixed reports on this from other people (http://www.gossamer-threads.com/lists/wiki/wikitech/338428). Seems like a non-deterministic bug.
If that happens, does it log you into any projects other than the one you're currently on or into none at all (is it fully dysfunctional or just randomly failing)? Probably the various privacy protection features in the browsers kick in here as were acting exactly like "evil" ad banners :/
I just tried with Wikivoyage and it worked. But I still didn't get logged into Commons. It also seems to be happening rather randomly on mobile devices when using mobile view. One time it will not log you into Commons, and then the other time it will.
I'm pretty sure I've worked this out. CentralAuth will only work if the user has previously visited the wiki project the login attempt is made for. Many browsers these days refuse cookies for sites the user has not visited. I'm still investigating but I'm pretty sure an image to a URL counts as a previous visit. See https://bugzilla.wikimedia.org/show_bug.cgi?id=45452
