GNOME Bugzilla – Bug 793336
Cannot login to phabricator.wikimedia.org
Last modified: 2018-03-05 18:56:48 UTC
No problem in chromium, but in ephy clicking Login on https://phabricator.wikimedia.org/ gives Authentication Failure Your login session is invalid, and clearing the session cookie was unsuccessful. Try clearing your browser cookies. (As the user, having even less of a clue of which cookie it is talking about, will probably have to clear all the cookies in his browser. So instead,) He tries it again in an incognito window and then clicking on the wikimedia (left) login gives Auth Unhandled Exception ("AphrontMalformedRequestException") Unhandled Exception ("AphrontMalformedRequestException") Your browser did not submit a "phcid" cookie with client state information in the request. Check that cookies are enabled. If this problem persists, you may need to clear your cookies.
So did you clear your browser cookies? Unclear from what you wrote.
It works if you enable third-party cookies. Sorry, but the website is broken and will have to be fixed.
(In reply to Michael Catanzaro from comment #2) > It works if you enable third-party cookies. Sorry, but the website is broken > and will have to be fixed. It might also be solved by bug #792130, not sure. I loosened the third-party cookie policy a bit there. But I wouldn't bet on it.
No I didn't touch any cookies. As chromium works fine it must be a browser problem and not a website problem.
That's not how the web works... our standard of correctness is Safari, not Chromium. We intentionally have a much stricter cookie policy than Chromium, even though it can break websites that rely on third-party cookies. Websites must not do this. If https://phabricator.wikimedia.org/ works in Safari, and that libsoup patch does not fix the issue as I hope, then we might need to implement third-party cookie grandfathering in libsoup after all, because that's what Safari does. Hopefully Phabricator is not relying on that, though, because it's pretty evil: the trick there is to redirect the user to a third-party domain in the main document, then quickly redirect back before the user notices. Then Safari will allow third-party cookies from that domain, because it's no longer considered third-party. I have a patch to implement that in bug #792130, but we decided not to push it unless we find it actually fixes some specific important website.
Ah, https://en.wikipedia.org/wiki/Safari_(web_browser) . Well there's no way I could install it here. So I'll leave further testing in your hands.
https://en.wikipedia.org/wiki/Safari_(web_browser%29 .
(In reply to Michael Catanzaro from comment #3) > It might also be solved by bug #792130, not sure. I loosened the third-party > cookie policy a bit there. But I wouldn't bet on it. Ironically, we just reverted this commit because it broke logging in to Phabricator. :P That's not your problem though, unless you've been secretly using unstable development releases of libsoup.