Manual:How to debug/Login problems
Login or session problems (such as not being able to log in, immediately getting logged out, randomly getting logged out, not being able to edit due to "loss of session data" errors) can be caused by a large variety of things, which makes debugging them hard.
When investigating or reporting errors, here are a few tips.
- Try to collect information about various aspects of the error:
- Does it persist after clearing cookies for the wiki domain? When logging in using incognito mode? When logging in with a different kind of browser?
- If you use any ad blockers or browser privacy add-ons, are they blocking anything? Does it work if you turn them off?
- Does it affect all user accounts, or just one?
- Does the "remember me" flag make any difference? (Clear cookies before attempts.)
- If the problems are happening on a Wikimedia wiki, try logging in on another wiki, preferably one that does not share a second-level domain name (so if the problem happens on xy.wikipedia.org, try for example xy.wiktionary.org).
- If the problems are happening on your own wiki, what MediaWiki version do you use? (Session and login handling has been fully rewritten in 1.27.) Pre-1.27, check the value of
$wgSessionsInObjectCache; if it is false, test that your PHP session handling is working (e.g. thatsession.save_pathis writable). If it is true, see what session providers (SessionProvidersubclasses) you are using.
- If the problems are happening on your own wiki, check what session backend is being used (
$wgSessionCacheType), and make sure it works (data is actually persisted between requests). The most safe configuration is$wgSessionCacheType = CACHE_DB;. If you're unsure about how it's configured, add this setting at the end of your LocalSettings.php. - Please do not reuse old bug reports unless you are sure it's the same cause. There are lots of reports about past issues, and the while symptoms will usually look vaguely similar to yours (there are only so many ways login can fail) the cause is likely to be different.
Some additional checks:
- Be sure session.auto_start is not set to 1 or true, otherwise PHP sessions will overwrite MediaWiki sessions. (task T159567)
- Be sure session.referer_check is set to an empty string. It marks sessions as invalid if configured incorrectly.
- If set, be sure
$wgCookieDomainand$wgCookiePathare correct. - If
$wgCookieSecureis set to true, your webserver must be served with HTTPS.
If the above information is not enough to diagnose the issue (which is usually the case), you'll need to get detailed debug data:
- Capture the relevant HTTP requests and responses (i.e. visiting the login page + submitting the login form + the resulting redirect; if the wiki uses single sign-on then all the requests to
Special:CentralAutoLoginas well). This can be done by using the Network tab in the Developer Tools of your web browser (more information: Firefox; Internet Explorer, Chrome and Chromium, Safari). Note this includes security-sensitive data (such as your session ID); when reporting bugs, either sanitize them or create a private paste. (Dumping to a HAR file is an easy way to log all required data.) - If the problems are happening on your own wiki, check your logs for relevant records, especially the
session,cookie,authentication,objectcachechannels.
| MediaWiki version: | ≤ 1.35 |
- For certain types of cache you can get more information by setting debug mode:
$wgHooks['SetupAfterCache'][] = function () { global $wgSessionCacheType; ObjectCache::getInstance( $wgSessionCacheType )->setDebug( true ); };
- Ensure the hostnames match in MediaWiki and Apache
httpd.conf. For example, for the domainexample.comand the web server located atwww.example.com:
# LocalSettings.php $wgServer = '//www.example.com'; $wgCanonicalServer = 'https://www.example.com'; $wgSitename = 'Example Wiki'; $wgSecureLogin = true; $wgCookieHttpOnly = true; $wgCookieSecure = 'detect';
- And:
# httpd.conf <VirtualHost *:80> ... ServerName example.com ServerAlias www.example.com *.example.com Redirect permanent / https://example.com/ ... </VirtualHost> <VirtualHost *:443> ... SSLEngine on ServerName example.com ServerAlias www.example.com *.example.com ... </VirtualHost>