[go: nahoru, domu]
Page MenuHomePhabricator
Create Task
Maniphest T225879

The logout link on Special::UserLogout doesn't respect mobile domain
Closed, ResolvedPublic
Actions

Description

It is not possible to logout from mobile wiki via Special::UserLogout page

Reproduction steps

  1. Login to Wikipedia
  2. Switch To mobile view
  3. Go to LogoutPage (https://en.m.wikipedia.org/wiki/Special:UserLogout)
  4. Click the continue to the log out page link

Expected result: user gets logged out
Current result: MediaWiki UserLogout page shows an error "Log out failed due to session error. Please try again."

Developer notes

This happens when the link to the Special::UserLogout page doesn't contain the logoutToken, then the Mobile Wikipedia shows an intermediate step - it asks for confirmation.
The continue to the log out page link points to the desktop (https://en.wikipedia.org/wiki/Special:UserLogout) UserLogout page, but user is on mobile domain. Most probably because of that
the token is invalid

Related Objects

Event Timeline

DIKW_Pyramid created this task.Jun 16 2019, 7:35 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 16 2019, 7:35 AM
DIKW_Pyramid edited projects, added MobileFrontend; removed MobileFrontend (MobileFrontend Special Pages).Jun 17 2019, 8:58 PM
DIKW_Pyramid updated the task description. (Show Details)
DIKW_Pyramid triaged this task as High priority.Jun 17 2019, 9:00 PM

From my point of view, - this is high priority bug, and sometimes it related to security.

Aklapper changed the task status from Open to Stalled.EditedJun 18 2019, 3:27 PM
Aklapper raised the priority of this task from High to Needs Triage.
Aklapper added a project: MediaWiki-User-login-and-signup.

@DIKW_Pyramid: In the mobile view I choose the logout icon and I end up on the page "Log out - If you wish to log out please continue to the log out page". After clicking that link I get "You are now logged out." so I can successfully log out.

It is unclear to me what the exact bug is in this task, and what does not work for you. Please clarify. If "logout is not possible.", please explain why it is not possible.

Aklapper added a comment.Jun 18 2019, 3:27 PM

(Also resetting priority; see https://www.mediawiki.org/wiki/Phabricator/Project_management#Setting_task_priorities )

pmiazga subscribed.Jun 18 2019, 3:32 PM

@DIKW_Pyramid - the logout link on the MainMenu doesn't specify the domain, it shows only relative link to the Special:UserLogout page.

Are you asking about the intermediate step:

image.png (367×933 px, 20 KB)

If yes, this is currently fixed in T225220: Don't show intermediate step during log out action on the MinervaNeue skin, we stopped showing the intermediate step, and the link on the Logout menu will work properly.

But definitely I see there is an error in the Special::LogoutUser page, that doesn't respect the mobile domain.

pmiazga added a comment.Jun 18 2019, 3:36 PM

@Aklapper I think I know what's the issue, the Special:LogoutPage doesn't respect the mobile domain, it creates the logout link that points to the desktop wikipedia site.

Some time ago, we started adding a logoutToken to the logout link T25227: Use token when logging out, but Minerva skin didn't get that fix, only core. Therefore, Minerva logout shows the desktop Special::UserLogout page and ask for log out confirmation.

pmiazga added a comment.Jun 18 2019, 3:38 PM

I'll edit description, and leave reproduction steps

pmiazga renamed this task from It is not possible to logout from wiki if mobile view is enabled and mobile wiki has separate domain to The logout link on Special::UserLogout doesn't respect mobile domain.Jun 18 2019, 3:44 PM
pmiazga changed the task status from Stalled to Open.
pmiazga updated the task description. (Show Details)
pmiazga added a project: Web-Team-Backlog (Tracking).
DIKW_Pyramid merged a task: Restricted Task.Jun 18 2019, 5:00 PM
DIKW_Pyramid added a comment.Jun 18 2019, 5:18 PM
In T225879#5265902, @pmiazga wrote:

@Aklapper I think I know what's the issue, the Special:LogoutPage doesn't respect the mobile domain, it creates the logout link that points to the desktop wikipedia site.

Yes, exactly! And logout from mobile domain is not possible.

Some time ago, we started adding a logoutToken to the logout link T25227: Use token when logging out, but Minerva skin didn't get that fix, only core. Therefore, Minerva logout shows the desktop Special::UserLogout page and ask for log out confirmation.

Confirmation page is not problem.

Problem that you can't logout at all - en.wikipedia.org only show error message "Log out failed due to session error. Please try again." instead of logout from en.m.wikipedia.org.

Jdlrobson subscribed.Jul 1 2019, 8:48 PM

I think this is the same problem as T156847 ?

Tgr subscribed.Sep 12 2019, 12:01 PM

Is this still valid? This is how the confirmation page looks now:

mobile logout interstitial.png (949×1 px, 36 KB)

and it works fine for me:
mobile logout success.png (949×1 px, 78 KB)

(IMO the confirmation page shouldn't be normally shown to the user. Filed T232734: Mobile logout should not involve an interstitial about that.)

DIKW_Pyramid closed this task as Resolved.Sep 19 2019, 3:24 PM
DIKW_Pyramid claimed this task.
In T225879#5487457, @Tgr wrote:

Is this still valid? This is how the confirmation page looks now:

mobile logout interstitial.png (949×1 px, 36 KB)

and it works fine for me:
mobile logout success.png (949×1 px, 78 KB)

@Tgr, you are right, this issue is now fixed on https://en.m.wikipedia.org/ site. Thank you!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits