User cannot log in to your MediaWiki?

I just spent too much time on this. A user could not log in to a wiki I maintain. We tried everything. At some point I must have fixed the main issue but sadly I had introduced a new one. Here is what happened in the hopes that if *you* read this, you can fix it as easily as me (spending much less time on it).

Looking at the browser’s network log we noticed that the wiki first logged them in but then, on the redirect to the main page, deleted the cookies again.

Looking at the debugging log of the wiki I saw:

[authentication] Primary login with MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider succeeded
[authentication] Login for bob succeeded


[DBQuery] wiki BEGIN /* Wikimedia\Rdbms\Database::query (User::saveSettings) */

[DBQuery] wiki
UPDATE /* User::saveSettings */ user
SET user_name = 'bob',user_real_name = '',
user_email = '',
user_email_authenticated = NULL,
user_touched = '20190423202751',
user_token = 'stripped',
user_email_token = NULL,
user_email_token_expires = NULL
WHERE user_id = '3' AND user_touched = '20190423202746'

[DBQuery] wiki ROLLBACK /* MWExceptionHandler::rollbackMasterChangesAndLog */

[exception] [stripped] /w/index.php?title=Special:UserLogin&returnto=Main+Page
MWException from line 4026 of /srv/wiki/w/includes/user/User.php: CAS update failed
on user_touched for user ID '3' (read from replica); the version of the user to be
saved is older than the current version.
#0 /srv/wiki/w/includes/session/SessionBackend.php(648): User->saveSettings()
#1 /srv/wiki/w/includes/deferred/MWCallableUpdate.php(30): MediaWiki\Session\SessionBackend->MediaWiki\Session\{closure}()
#2 /srv/wiki/w/includes/deferred/DeferredUpdates.php(257): MWCallableUpdate->doUpdate()
#3 /srv/wiki/w/includes/deferred/DeferredUpdates.php(210): DeferredUpdates::runUpdate(MWCallableUpdate, Wikimedia\Rdbms\LBFactorySimple, string, integer)
#4 /srv/wiki/w/includes/deferred/DeferredUpdates.php(131): DeferredUpdates::execute(array, string, integer)
#5 /srv/wiki/w/includes/MediaWiki.php(905): DeferredUpdates::doUpdates(string)
#6 /srv/wiki/w/includes/MediaWiki.php(731): MediaWiki->restInPeace(string)
#7 /srv/wiki/w/includes/MediaWiki.php(750): MediaWiki->{closure}()
#8 /srv/wiki/w/includes/MediaWiki.php(554): MediaWiki->doPostOutputShutdown(string)
#9 /srv/wiki/w/index.php(43): MediaWiki->run()
#10 {main}

So after the login succeeded there was an exception which invalidated the session and caused the wiki to delete the cookie on the next page load. The stupid reason for this was that someone (not me, ha ha ha) earlier set the user’s user_touched field to 0 because surely that was a safe value. Setting it to 20190423202746 instead let the user log in just fine. And afterwards it was happily updated by the wiki again.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.