[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 Ori Livneh o...@wikimedia.org changed: What|Removed |Added CC||o...@wikimedia.org --- Comment #2 from Ori Livneh o...@wikimedia.org --- What is wrong with the way the GeoIP cookie is added to the set-cookie header in the example above? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 Antoine hashar Musso has...@free.fr changed: What|Removed |Added CC||has...@free.fr --- Comment #3 from Antoine hashar Musso has...@free.fr --- We have the exact same issue on the beta cluster, logged as bug 62244. Copy pasting from there: - On deployment-cache-text1.pmtpa.wmflabs I edited /etc/varnish/text-frontend.inc.vcl and commented out the GeoIP snippet added by change 113935: https://gerrit.wikimedia.org/r/#/c/113935/6/templates/varnish/text-frontend.inc.vcl.erb,unified ) Restarted varnish with: /etc/init.d/varnish restart ; /etc/init.d/varnish-frontend restart I then ran Chris script and I received three cookies: Set-Cookie: centralauth_Session=3428f185da995eaaf9550ae54b4e634f; path=/; httponly Set-Cookie: centralauth_User=TestBug16864; expires=Sat, 05-Apr-2014 09:34:59 GMT; path=/; httponly Set-Cookie: centralauth_Token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly Location: http://en.wikipedia.beta.wmflabs.org/wiki/Special:CentralLogin/complete?token=ef3afb1dbc82549c1655b6841d8614ae Age: 0 X-Cache: deployment-cache-text1 miss (0), deployment-cache-text1 frontend miss (0) Cache-Control: private, s-maxage=0, max-age=0, must-revalidate - Your bug report seems to indicate that happens in production as well. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 --- Comment #4 from Antoine hashar Musso has...@free.fr --- This might have been fixed by Faidon with: https://gerrit.wikimedia.org/r/#/c/117004/ which Disable cookie-based geolocation on text varnishes. Can you please try again? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 --- Comment #5 from Brad Jorsch bjor...@wikimedia.org --- (In reply to Ori Livneh from comment #2) What is wrong with the way the GeoIP cookie is added to the set-cookie header in the example above? You mean for example in this header: Set-Cookie: centralauth_User=ClueBot+III; expires=Fri, 04-Apr-2014 23:27:10 GMT; path=/; domain=.wikipedia.org; httponly; GeoIP=v4; path=/ It's not adding a GeoIP cookie at all, according to RFC 6265. It's adding to extra parameters to the end of the centralauth_User cookie. The more important issue is that the other six Set-Cookie headers that should have been in the response are entirely missing. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 --- Comment #6 from Brad Jorsch bjor...@wikimedia.org --- (In reply to Antoine hashar Musso from comment #4) This might have been fixed by Faidon with: https://gerrit.wikimedia.org/r/#/c/117004/ which Disable cookie-based geolocation on text varnishes. Can you please try again? The issue is currently not occurring with the same bot script that was showing the issue last night. I observe that the Set-Cookie headers do not have ; GeoIP=v4; path=/ appended. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 Damian Z dam...@damianzaremba.co.uk changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #7 from Damian Z dam...@damianzaremba.co.uk --- I can confirm that change being pulled out has fixed the bots. Been happily editing ever since and upon restart get all the cookies etc set properly as described above. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 Antoine hashar Musso has...@free.fr changed: What|Removed |Added Resolution|FIXED |DUPLICATE --- Comment #8 from Antoine hashar Musso has...@free.fr --- This was fixed around 9:30am UTC by Faidon who disabled a Varnish feature deployed yesterday. Details at https://bugzilla.wikimedia.org/show_bug.cgi?id=62244#c19 I am marking this bug as a dupe of bug 62244 since that is where we have the technical details and script to reproduce the issue. *** This bug has been marked as a duplicate of bug 62244 *** -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 jeremyb bugzilla+org.wikime...@tuxmachine.com changed: What|Removed |Added Component|Site requests |General/Unknown -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 62288] Random API issues - authenticated user seems unauthenticated randomly
https://bugzilla.wikimedia.org/show_bug.cgi?id=62288 Brad Jorsch bjor...@wikimedia.org changed: What|Removed |Added CC||bjor...@wikimedia.org --- Comment #1 from Brad Jorsch bjor...@wikimedia.org --- HTTP/1.1 200 OK Server: Apache X-Powered-By: PHP/5.3.10-1ubuntu3.9+wmf1 X-Content-Type-Options: nosniff Cache-control: private P3P: CP=This is not a P3P policy! See http://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info. X-Frame-Options: SAMEORIGIN Content-Encoding: gzip Vary: Accept-Encoding X-Vary-Options: Accept-Encoding;list-contains=gzip Content-Type: application/vnd.php.serialized; charset=utf-8 X-Varnish: 2852251622, 1518781136 Via: 1.1 varnish, 1.1 varnish Content-Length: 205 Accept-Ranges: bytes Date: Wed, 05 Mar 2014 23:27:10 GMT Age: 0 Connection: keep-alive X-Cache: cp1066 miss (0), cp1067 frontend miss (0) * Added cookie centralauth_User=ClueBot+III for domain wikipedia.org, path /, expire 1396654030 Set-Cookie: centralauth_User=ClueBot+III; expires=Fri, 04-Apr-2014 23:27:10 GMT; path=/; domain=.wikipedia.org; httponly; GeoIP=v4; path=/ * Closing connection #0 There should be additional cookies being set here: centralauth_Token, centralauth_Session, probably forceHTTPS, and also enwikiUserID and enwikiUserName. The one Set-Cookie header here looks weird too. Why the additional ; GeoIP=v4; path=/ after the cookie? I bet this has something to do with the new GeoIP stuff they did recently, it smells like their code is screwing up any existing Set-Cookie headers in the response. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
