For anyone who missed it four months ago, this subthread is in response to
https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084714.html
On Fri, Jun 17, 2016 at 6:30 AM, Gergo Tisza <gtisza(a)wikimedia.org> wrote:
On Fri, Jun 17, 2016 at 9:15 AM, Federico Leva (Nemo)
<nemowiki(a)gmail.com>
wrote:
I just had to separately and manually login three
times (on Meta, then on
Wikipedia, then on
MediaWiki.org) in order to be logged in on most
wikis. I
don't find any page explaining whether
it's normal for global login to
require entering my password 3+ times. If it's expected and documented, I
can stop worrying.
The expectation for single sign-on is that you sign-on a single time and
then you are signed on everywhere. If that's not what happens, feel free to
file a bug, ideally with a HAR file or something equivalent.
Note: A "HAR file" is a log of the HTTP requests and responses. Without
some kind of log like this your bug is unlikely to receive much feedback
beyond a request to provide one, since the process depends heavily on the
details of the HTTP requests.
But first, check your cookie settings. If you have third-party cookies
blocked, single sign-on just isn't going to work because it has to rely on
third-party cookies to function. An "Only allow from sites I've visited"
setting may work, depending on how exactly the browser implements it.
Specifically, if the browser either ignores the cookies sent during the
redirect to loginwiki or refuses to send them back to loginwiki for the
<img> or <script> checks, single sign-on just isn't going to work for
you.
Similarly, if it ignores the cookies sent by the <img> tag for the other
domains (or an ad blocker or privacy blocker blocks the 1x1 images), those
other domains are going to have to rely on the first-visit script to log
you in and will be subject to the caveat that if you visited them before
logging in the first-visit script won't run.
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation