Jump to content

Manual:Cómo depurar/Problemas de inicio de sesión

From mediawiki.org
This page is a translated version of the page Manual:How to debug/Login problems and the translation is 26% complete.
Outdated translations are marked like this.

Los problemas de inicio de sesión(como no poder iniciar sesión, cerrar sesión de inmediato, cerrar sesión aleatoriamente, no poder editar debido a errores de "pérdida de datos de sesión") pueden ser causados por una gran variedad de cosas, que hace que depurarlos sea difícil.

Cuando se investiga o se reportan errores, aquí hay algunos consejos.

For users

  • If the problem is being unable to login because of "There seems to be a problem with your login session..." errors, clearing all cookies for that site usually helps.
  • When making a bug report, always include what browser (and what version of it) you are using, whether you are using it in incognito mode, and whether you are using non-default privacy/security settings (such as "block third-party cookies").
    • If possible, include a precise date and time of when you experienced the problem, so it can be correlated with system logs.
  • You don't have to do an in-depth investigation just to file a bug report, but if you do want to, here are some kinds of information that are usually helpful:
    • ¿Persiste luego de borrar las cookies del dominio del wiki? ¿Cuando se inicia sesión usando el modo incógnito? ¿Cuando se inicia sesión en un navegador diferente?
    • Si usas bloqueadores de anuncios o complementos de privacidad del navegador, ¿están bloqueando algo? ¿Funciona si los desactivas?
    • ¿Afecta a todas tus cuentas de usuario o sólo a una?
    • ¿La opción "recuérdame" hace alguna diferencia? (Limpia las cookies antes de cualquier intento.)
    • Si los problemas pasan en un wiki de Wikimedia, intenta iniciar sesión en otro otro wiki, preferiblemente uno que no comparta un nombre de dominio de segundo nivel (si los problemas pasan en xy.wikipedia.org, intenta por ejemplo en xy.wiktionary.org).
    • Si la información anterior no es suficente para diagnosticar el problema (lo cual es casi siempre el caso), necesitarás tener datos de depuración detallados: For that, you need to capture the relevant HTTP requests and responses (i.e. visiting the login page + submitting the login form + the resulting redirect; if the wiki uses single sign-on then all the requests to Special:CentralLogin and Special:CentralAutoLogin as well). This can be done by using the Network tab in the Developer Tools of your web browser (more information: Firefox; Internet Explorer, Chrome and Chromium, Safari). Dumping to a HAR file is an easy way to log all required data.
      • Note that this includes security-sensitive data (such as your session ID); when sharing the information as part of a bug report, you need to use a private paste (privileged access for developers). You are encouraged to remove your password from the report (in the case of a HAR file, you can just open it as a text file, search for the password and replace it with something else) and to log out and log back in afterwards.

For developers

When debugging the default MediaWiki login, look for the following things:

  • On Special:Userlogin, does the website set the <wikiID>Session cookie? Is the cookie sent back correctly when the login form is submitted? Does the cookie value persist during multi-step login (e.g. 2FA)? Does the session exist in the backend (you can check with ObjectCache::getInstance( $wgSessionCacheType ) )->get( "MWSession:$sessionCookieValue" ), using shell.php ).
    • If you are debugging an API-based login, the cookie should instead be set by the response to meta=tokens and returned in the action=login request. Clients failing to do this is the most common source of login errors. (Note that the best practice for bots and similar clients is to use owner-only consumers and not use login at all.)
  • After a successful login, are the <wikiID>Session, <wikiID>UserName, <wikiID>UserId, <wikiID>Token cookies set (the last one only when the "keep logged in" checkbox was used)? Do the userId / userName / userToken fields match in the data stored in the backend? Does the token match the value of user.user_token in the database?
  • If you want to check things with a debugger like XDebug, for session/cookie problems the interesting parts tend to be the provideSessionInfo() method of the session provider (usually CookieSessionProvider), and SessionManager::loadSessionInfoFromStore. For problems with processing the submitted login request, it's AuthManager::continueAuthentication() and the getAuthenticationRequests() and beginPrimaryAuthentication() methods of the primary authentication provider (by default LocalPasswordPrimaryAuthenticationProvider). Note that these are pretty complex codebases and will be hard to understand if you aren't familiar with SessionManager and AuthManager.
  • See also the advice about logging in the next session.

When debugging CentralAuth (e.g. Wikimedia sites), the things to look for:

  • On top of the normal cookies, there should also be centralauth_Session, centralauth_User and (with the "keep logged in" option) centralauth_Token (typically set on the parent domain). These should be enough to recreate the other cookies when those are missing. The session cookie corresponds to the central session; its data can be checked with MediaWiki\MediaWikiServices::getInstance()->get( 'CentralAuth.CentralAuthSessionManager')->getCentralSessionById( $sessionCookieValue ) (using shell.php ). The token corresponds to globaluser.gu_auth_token in CentralAuth's shared database.
  • After a successful login, there should be a chain of redirects to Special:CentralLogin/startSpecial:CentralLogin/complete → back to the initial page (or returnTo target). The /start step sets up a stub central session, and sets cookies for the central domain; the /complete step finalizes the central session, and sets cookies for the local domain. (See phpdoc in SpecialCentralLogin for a more detailed description.) Are the cookies emitted as expected? Does the browser actually persist them? Is the data stored in the central session backend correct? If this step doesn't work, edge login / autologin won't work either.
    • The "keep logged in" flag (ie. the centralauth_Token cookie) is set in a separate step, by a request to Special:CentralAutoLogin/refreshCookies that's triggered from an ‎<img> tag when the rest of the autologin is finished. Are the cookies emitted? Does the browser actually persist them? When this step doesn't work, edge login / autologin will stop working when the central session expires in a day or so.
  • Right after central login, edge login is triggered: For every wiki in $wgCentralAuthAutoLoginWikis, there is a redirect chain to various Special:CentralAutologin subpages (/start → /checkLoggedIn → /createSession → /validateSession → /setCookies) via an image embedded in the page. The setCookies step should create a local session and set the session cookies. Are the cookies emitted? Does the browser actually persist them?
  • When visiting a wiki where you do not have an active session (and no shared cookies on the parent domain to create one), central autologin is triggered. This is basically the same as edge login, just in a script tag instead of an image tag, and the same things should be verified.
    • When central autologin fails, further attempts are prevented by setting the CentralAuthAnon localStorage flag; you might need to clear that when testing.
  • When visiting the login page while not having an active session, top-level autologin is triggered. This is basically the same as normal autologin, just with the whole page being redirected, instead of an embedded image doing the redirects, and the same things should be verified.

There's an overview of CentralAuth authentication features available.

For site administrators

  • Check what session backend is being used ($wgSessionCacheType ), and make sure it works (data is actually persisted between requests). La configuración más segura es $wgSessionCacheType = CACHE_DB;. Si no estás seguro de cómo está configurado, añade esta configuración al final de tu LocalSettings.php.
  • Asegúrate que session.auto_start no está establecido como 1 o true, de otra forma las sesiones de PHP sobrescribirán las de MediaWiki. (task T159567)
  • Asegúrate de que session.referer_check está establecido como una cadena vacía. Marca las sesiones como inválidas si está configurado incorrectamente.
  • Si está establecido, asegúrate que $wgCookieDomain y $wgCookiePath estén correctos.
  • Si $wgCookieSecure está establecido como true, tu servidor web debe ser servido con HTTPS
  • Ensure the hostnames match in MediaWiki and Apache httpd.conf. For example, for the domain example.com and the web server located at www.example.com:
    # LocalSettings.php
    $wgServer           = '//www.example.com';
    $wgCanonicalServer  = 'https://www.example.com';
    $wgSitename         = 'Example Wiki';
    
    $wgSecureLogin      = true;
    $wgCookieHttpOnly   = true;
    $wgCookieSecure     = 'detect';
    
    And:
    # httpd.conf
    <VirtualHost *:80>
       ...
       ServerName example.com
       ServerAlias www.example.com *.example.com
       Redirect permanent / https://example.com/
       ...
    </VirtualHost>
    
    <VirtualHost *:443>
       ...
       SSLEngine on
       ServerName example.com
       ServerAlias www.example.com *.example.com
       ...
    </VirtualHost>
    
  • If you file a bug report:
    • Report what MediaWiki version you use and what session providers you are using (the value of $wgSessionProviders ).
    • Check your logs for relevant records, especially the authentication, session, cookie, objectcache channels (besides the usual exception, error, fatal). Also captcha if your are looking into CAPTCHA issues, and CentralAuth if you are using that extension.
    • For certain types of cache you can get more information by setting debug mode:
      $wgHooks['SetupAfterCache'][] = function () {
          global $wgSessionCacheType;
          ObjectCache::getInstance( $wgSessionCacheType )->setDebug( true );
      };
      
    • Por favor no reúses reportes de errores viejos a menos que estés seguro de que es la misma causa. Hay muchos reportes sobre problemas pasados, y mientras tanto los síntomas generalmente se verán vagamente similares a los suyos (solo hay muchas formas en las que el inicio de sesión puede fallar), es probable que la causa sea diferente.