Page MenuHomeMiraheze
Create Task
Maniphest T6664

Cannot log back in after cookies update, again
Closed, ResolvedPublic
Actions

Description

Once again when trying to log into Miraheze I'm getting the following message "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking." The previous time was T6558. Once again I've had to go through the process of opening private browsing mode, using the Special:UserLogout page, and deleting cookies. The process worked for Google Chrome this time around, but did not for IE or Edge.

Since the previous time this was happening, when Miraheze reset how its cookies were handled, I've been using Google Chrome and IE without issue. What changed today was the first time I had to reboot my computer since then. After resetting the computer I was again getting the previously mentioned session hijacking message when it had been working fine before.

Am I going to have to go through this long process every time I reboot my computer? Is there anyway for your team to streamline the process so it's easier for users to reset their cookies when it happens? Maybe tone down the security so that it doesn't think valid daily users are trying to hijack their own accounts or go back to the old way which didn't have these issues? Would still love to be using Edge again when working on my Miraheze wiki.

Related Objects

Event Timeline

Ertosi created this task.Dec 29 2020, 04:00
Herald added subscribers: Unknown Object (User), RhinosF1. · View Herald TranscriptDec 29 2020, 04:00
Reception123 triaged this task as Normal priority.Dec 29 2020, 06:50
Reception123 added a project: MediaWiki.
Herald added subscribers: Void, Reception123, NDKilla. · View Herald TranscriptDec 29 2020, 06:50
Reception123 added a comment.Dec 29 2020, 06:51

Hi. I'm really sorry for the inconveniences we've caused this year with multiple changes to the login process. Have you tried the steps here T6558#128931 for IE?

Unknown Object (User) merged a task: T6668: Log in error.Dec 30 2020, 02:18
Unknown Object (User) added a subscriber: Nyl.
Unknown Object (User) moved this task from Backlog to Bugs on the MediaWiki board.Dec 30 2020, 02:24
Ertosi added a comment.Dec 30 2020, 04:17

Yes Reception123, I've tried the steps at T6558#128931 for IE. Multiple times and it's not working this time around for IE. This time around it worked first try for Chrome, eventually worked for Edge, but won't work for IE even after multiple tries.

Last time around it worked for IE immediately, but not for Edge even after multiple tries, and wasn't needed for Chrome as I had never used that browser to work on my Miraheze wiki yet.

My real concerns are two fold. First, this shouldn't be happening multiple times; something needs to be toned down a bit security-wise because its disruptive to normal editing. Second, with having to go through this process each time my PC needs to reboot, and with which browsers the cookie reset process works on being hit and miss each time, I'm quite concerned that one of these times I'll have the misfortune of being locked out across the board and unable to log in at all.

Reception123 added a comment.Dec 30 2020, 06:54
In T6664#131109, @Ertosi wrote:

Yes Reception123, I've tried the steps at T6558#128931 for IE. Multiple times and it's not working this time around for IE. This time around it worked first try for Chrome, eventually worked for Edge, but won't work for IE even after multiple tries.

Last time around it worked for IE immediately, but not for Edge even after multiple tries, and wasn't needed for Chrome as I had never used that browser to work on my Miraheze wiki yet.

My real concerns are two fold. First, this shouldn't be happening multiple times; something needs to be toned down a bit security-wise because its disruptive to normal editing. Second, with having to go through this process each time my PC needs to reboot, and with which browsers the cookie reset process works on being hit and miss each time, I'm quite concerned that one of these times I'll have the misfortune of being locked out across the board and unable to log in at all.

Would you like us to try and reset your login token?

Also, even if we wanted to "tone down" security, that wouldn't be possible due to strict privacy laws in the European Union and the United Kingdom which would not permit that.

Nyl added a comment.Jan 4 2021, 05:51

Hello,

Some of our members are still unable to log in, this time with an "invalid CSRF Token" error rather than what I mentioned in my duplicate post.

Zppix subscribed.Jan 7 2021, 00:12

@Nyl First, delete ALL your cookies for *.miraheze.org and any Miraheze wikis to which you attached your account that had a custom domain (i.e. publictestwiki.com or allthetropes.org). Second, open the private browsing mode of your web browser and login at https://login.miraheze.org/wiki/Special:UserLogin, then, in the same window, go to https://login.miraheze.org/wiki/Special:UserLogout Finally, open the regular browsing mode of your web browser, delete your cookies for *.miraheze.org (and any custom domains again) and try and login (on Meta and on a wiki with a custom domain). Let me know if that resolves it

Unknown Object (User) closed this task as Resolved.Jan 9 2021, 05:42
Unknown Object (User) claimed this task.

What @Zppix said above should resolve the issue.

Herald added a project: Universal Omega. · View Herald TranscriptJan 9 2021, 05:42