I have experienced this too and I believe it's been a problem for why (I believe there may even be another bug open) but have no idea what causes it. Am happy to advise/make appropriate changes in MobileFrontend if somebody that can understand CentralAuth can tell me what's going wrong.

I don't see how this task is related to those errors. All the script in question does is update the personal toolbar so it looks like you are logged in. (You are, in fact, logged in at that point, but the page was rendered earlier; so this is a hack to avoid reloading the page after an AJAX-based login.) Script errors are inconsequential; at worst the user toolbar will look weird, or will not look logged-in until you reload the page.

Sorry for confusion @Tgr I meant to post this on: T262846 Correcting..

(I don't disagree about this being a high-priority issue, FWIW, I'm just pretty sure the cause lies elsewhere.)

This happened in Wikidata in my phone. while I successfully logged-in at Wikipedia and Commons, I stay logged out at Wikidata only in the mobile domain, while in the desktop version stays logged in.

This is more than annoying, and I agree this task should be high priority since more than a year passed since this issue was opened.

I sort of doubt T312042 is a dupe of this. A megadott hitelesítési token lejárt vagy érvénytelen. is centralauth-error-badtoken from the CentralAuth extension. In English that's The provided authentication token is either expired or invalid.

In T312042 I got No active login attempt is in progress for your session. which is centralauth-error-nologinattempt. Also, I was directed to the desktop domain which I don't see happening here.

Similar tasks / possible duplicates:

• T318138: Cannot manually log in on mobile Wikidata (real or test) (for m.wikidata.org; similar but browser ends up on the non-mobile domain at the end, and the error is centralauth-error-nologinattempt)
• T253620: Logged out after switching between mobile and desktop site on the log-in page and later back again (marked resolved but not really; cookies not shared between desktop and mobile domain for e.g. Wikipedia; reproduction steps start with going to desktop login, then mobile login, then logging in, then going back to desktop, so maybe the anon session started on the desktop login page interferes somehow)
• T225814: m.wikidata: login status not detected (login state not shared between desktop and mobile Wikidata)
• T200719: CentralAuth AutoLogin not working for MediaWiki mobile site (login state not transferring from mobile enwiki to mobile mediawikiwiki on Firefox; reported in 2018 when Firefox didn't block third-party cookies yet)
• T112730: Failure to OAuth after login on mobile (starts on desktop domain on www.mediawiki.org, ends up on mobile one with centralauth-error-nologinattempt error in /complete step; the login starts because the user is sent to the OAuth authorize form but that's probably not relevant)
• T198515: "No active login attempt is in progress for your session" (LG K10 (2017)) (centralauth-error-nologinattempt on Commons)
• T312042: After log in on mobile Beta Commons, user gets redirected to non-mobile page (and is not logged in there) (for Beta Commons; user ends up on the desktop domain, with centralauth-error-nologinattempt)
• T335125: Account creation attempt on mobile Wikipedia domain leads user to desktop Special:CentralLogin/complete, often in logged-out state (is about account creation; user ends up on desktop domain, with centralauth-error-nologinattempt error and (sometimes) logged out)

T318138#8919988 points out that we have some special-casing for a few wikimedia.org domains (see explanation at T49647#525483; the beta version is a bit more flexible) so either that's unnecessary or the rest of wikimedia.org domains likely don't work. That might be a distinct issue happening on top of the one described in this task (which does affect non-wikimedia.org wikis).

There's another suspicious special-casing when unsetting the current domain in $wgCentralAuthAutoLoginWikis. (That should probably be fixed in CentralAuth so the config hack isn't needed. Maybe hard because of mobile domains?) Affects wikimedia.org edge login wikis that aren't Commons or Meta (that is, Wikispecies, Incubator, Wikimania and api.wikimedia.org).

T225814#5402942 points out that the cookie domain for Wikidata is www.wikidata.org (instead of wikidata.org), which seems wrong. (Maybe to avoid conflict with test.wikidata.org? In theory that shouldn't be a problem...) Same for Wikifunctions.

T225814#5992589 / T225814#5992609 points out that MobileContext::getMobileUrl() gives bogus results for URLs from a different wiki (because the mobile domain template is set per-wiki: prod, labs), which is sometimes needed by CentralAuth.

So that's at least four error clusters (which might or might not have the same cause): mobile login fails with centralauth-error-badtoken, mobile login fails with centralauth-error-nologinattempt, mobile and desktop site doesn't share login state, different mobile sites do not share login state.

And at least four broken things in code which might cause some of this (or not): mobile domain not correctly applied to some wikimedia.org wikis in WebResponseSetCookie, mobile domain not correctly taken into account for some wikimedia.org wikis when unsetting the current domain in $wgCentralAuthAutoLoginWikis, shared cookie domain not being the parent domain for Wikidata / Wikifunctions, and cross-wiki mobile domain URL generation broken in between wikis which have a different domain structure.

Change 966798 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] Generalize Meta/Commons exceptions for CentralAuth cookie handling

https://gerrit.wikimedia.org/r/966798

Logging in on hu.m.wiktionary.org (in mobile simulation mode on desktop Chrome) worked fine. Some of the edge login links are bogus:

GET https://www.m.mediawiki.org/wiki/Special:CentralAutoLogin/start?type=1x1&from=huwiki&mobile=1 net::ERR_NAME_NOT_RESOLVED
GET https://www.m.wikidata.org/wiki/Special:CentralAutoLogin/start?type=1x1&from=huwiki&mobile=1 net::ERR_NAME_NOT_RESOLVED
GET https://www.m.wikifunctions.org/wiki/Special:CentralAutoLogin/start?type=1x1&from=huwiki&mobile=1 net::ERR_NAME_NOT_RESOLVED

and unsurprisingly, edge login and autologin on those wikis fails. (For autologin it's the same issue, m.mediawiki.org redirects to login.wikimedia.org, but then login.wikimedia.org wants to redirect to www.m.mediawiki.org.) But the other wikis seem to mostly work fine, even unusual ones like Wikisource or Outreach. (Wikimania only worked on the second try, for some reason.) Somewhat suprisingly, central login on mediawiki.org also works, even though that involves a similar redirect chain; and generating edge login links from mediawiki.org to other wikis works too, except the links to Wikidata / Wikifunctions. The code snippet in T225814#5992589, when executed on mediawikiwiki, works correctly for wikidatawiki (which has the same mobile domain structure) and fails for loginwiki (which has a different mobile domain structure) so not sure what's going on.

Change 967394 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] CentralAuth: Use second-level domain for cookies for www.* wikis

https://gerrit.wikimedia.org/r/967394

Change 967394 merged by jenkins-bot:

[operations/mediawiki-config@master] CentralAuth: Clarify why we don't use second-level domain for some wikis

https://gerrit.wikimedia.org/r/967394

Mentioned in SAL (#wikimedia-operations) [2023-10-24T20:16:35Z] <jdrewniak@deploy2002> Started scap: Backport for [[gerrit:967208|Update comment about EditAttemptStep instruments]], [[gerrit:967394|CentralAuth: Clarify why we don't use second-level domain for some wikis (T257852)]], [[gerrit:967973|Remove unused VisualEditor config settings (T344757 T344759)]], [[gerrit:967995|[noop] Explain more thoroughly how the '-' prefix works]]

Mentioned in SAL (#wikimedia-operations) [2023-10-24T20:17:58Z] <jdrewniak@deploy2002> tgr and matmarex and jdrewniak: Backport for [[gerrit:967208|Update comment about EditAttemptStep instruments]], [[gerrit:967394|CentralAuth: Clarify why we don't use second-level domain for some wikis (T257852)]], [[gerrit:967973|Remove unused VisualEditor config settings (T344757 T344759)]], [[gerrit:967995|[noop] Explain more thoroughly how the '-' prefix works]] synced to the testservers (htt

Mentioned in SAL (#wikimedia-operations) [2023-10-24T20:23:56Z] <jdrewniak@deploy2002> Finished scap: Backport for [[gerrit:967208|Update comment about EditAttemptStep instruments]], [[gerrit:967394|CentralAuth: Clarify why we don't use second-level domain for some wikis (T257852)]], [[gerrit:967973|Remove unused VisualEditor config settings (T344757 T344759)]], [[gerrit:967995|[noop] Explain more thoroughly how the '-' prefix works]] (duration: 07m 21s)

Change 968386 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/MobileFrontend@master] Handle mobile URLs for other wikis

https://gerrit.wikimedia.org/r/968386

Change 969401 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] mobile: Add MobileUrlCallback

https://gerrit.wikimedia.org/r/969401

Change 968386 merged by jenkins-bot:

[mediawiki/extensions/MobileFrontend@master] Handle mobile URLs for other wikis

https://gerrit.wikimedia.org/r/968386

Change 966798 merged by jenkins-bot:

[operations/mediawiki-config@master] Generalize Meta/Commons exceptions for CentralAuth cookie handling

https://gerrit.wikimedia.org/r/966798

Mentioned in SAL (#wikimedia-operations) [2023-11-06T14:35:25Z] <urbanecm@deploy2002> Started scap: Backport for [[gerrit:966798|Generalize Meta/Commons exceptions for CentralAuth cookie handling (T257852)]], [[gerrit:971539|Restore OOUI dialog styles for compatibility (T350544)]]

Mentioned in SAL (#wikimedia-operations) [2023-11-06T14:36:41Z] <urbanecm@deploy2002> urbanecm and tgr and matmarex: Backport for [[gerrit:966798|Generalize Meta/Commons exceptions for CentralAuth cookie handling (T257852)]], [[gerrit:971539|Restore OOUI dialog styles for compatibility (T350544)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2023-11-06T14:48:39Z] <urbanecm@deploy2002> Finished scap: Backport for [[gerrit:966798|Generalize Meta/Commons exceptions for CentralAuth cookie handling (T257852)]], [[gerrit:971539|Restore OOUI dialog styles for compatibility (T350544)]] (duration: 13m 13s)

Change 969401 merged by jenkins-bot:

[operations/mediawiki-config@master] mobile: Add MobileUrlCallback

https://gerrit.wikimedia.org/r/969401

Mentioned in SAL (#wikimedia-operations) [2023-11-13T21:35:59Z] <urbanecm@deploy2002> Started scap: Backport for [[gerrit:969401|mobile: Add MobileUrlCallback (T257852)]], [[gerrit:973797|Parsoid-VE-MCR hack: Always return main slot output if useParsoid is set (T351026 T351113)]]

Mentioned in SAL (#wikimedia-operations) [2023-11-13T21:37:17Z] <urbanecm@deploy2002> urbanecm and ssastry and tgr: Backport for [[gerrit:969401|mobile: Add MobileUrlCallback (T257852)]], [[gerrit:973797|Parsoid-VE-MCR hack: Always return main slot output if useParsoid is set (T351026 T351113)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2023-11-13T21:54:33Z] <urbanecm@deploy2002> Finished scap: Backport for [[gerrit:969401|mobile: Add MobileUrlCallback (T257852)]], [[gerrit:973797|Parsoid-VE-MCR hack: Always return main slot output if useParsoid is set (T351026 T351113)]] (duration: 18m 34s)

I tried a few of the bugs linked in T257852#9252513 that had clear reproduction steps, and closed 3 that were definitely fixed by this work (T335125 T312042 T318138).

Change 977435 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/MobileFrontend@master] Hard-deprecate mobile URL templates

https://gerrit.wikimedia.org/r/977435