Last modified: 2013-08-28 17:46:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T55424, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 53424 - After log out, CentralAuth logs me back in immediately
After log out, CentralAuth logs me back in immediately
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: Highest normal (vote)
: ---
Assigned To: Brad Jorsch
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-27 20:48 UTC by Matthew Flaschen
Modified: 2013-08-28 17:46 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Flaschen 2013-08-27 20:48:14 UTC 
I can reproduce this currently on English Wikipedia.

1. Hard refresh to confirm I'm logged in.
2. Click "Log out" in upper right.
3. While I'm still on the login screen, CentralAuth logs me in in the background, then shows the mw.notify message.

In case, it's relevant, I was testing something unrelated without JS shortly before, but while doing this test, JS is enabled.
Comment 1 Maryana Pinchuk 2013-08-27 22:13:17 UTC 
Just spotted this on Mediawiki.org. I can't log out of my volunteer account and log back in with WMF account :-/
Comment 2 Matthew Flaschen 2013-08-27 22:14:32 UTC 
Also, quiddity said the same on Wikidata.org, so it doesn't sound related to my no-JS testing.

As a workaround, you can delete all the cookies related to CentralAuth then log out again.
Comment 3 Chris Steipp 2013-08-27 23:29:58 UTC 
Only if you use "keep me logged in". Not able to reproduce this locally.

I'm a little suspicious of the cache change, since it seems that /checkLoggedIn is sending back the gu_id, even though the session and token should be invalid.

Brad, can you also take a look at this when you get a minute?
Comment 4 Matthew Flaschen 2013-08-27 23:32:37 UTC 
(In reply to comment #3)
> Only if you use "keep me logged in". Not able to reproduce this locally.

"keep me logged in" is meant to be relevant to cookie duration.  If you explicitly log out, that means you want to log out.
Comment 5 Matthew Flaschen 2013-08-27 23:33:22 UTC 
(In reply to comment #4)
> "keep me logged in" is meant to be relevant to cookie duration.  If you
> explicitly log out, that means you want to log out.

Sorry, I think I misunderstood your point.
Comment 6 Chris Steipp 2013-08-28 16:34:14 UTC 
Is anyone able to reproduce this today? Neither Brad nor I are able to see it happening.
Comment 7 Chris Steipp 2013-08-28 17:46:21 UTC 
It looks like a patch was temporarily reverted for about 3 hours yesterday (afternoon PDT), and then reapplied, which would cause this. I'm going to close this as fixed. Please reopen if anyone is able to reproduce this today.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links