Just in the last week, I’ve started having trouble logging into discourse forums from my phone.
Specifically:
I was logged in, and then the forum switched to not-logged-in mode (my icon disappeared from the upper-right corner, reply buttons disappeared, etc.)
I tap the “Log In”" button in the upper right, and enter my username/password, then tap the “Log in” button.
It thinks for a bit, then puts me back into the regular forum view
And I’m still not logged in
But, if I open a private browsing tab, then I can log in fine. The problem only happens from a regular tab. (I guess this means that discourse has set some kind of broken cookie or something?)
I can’t think of any way that logging in with a different browser I’ve never used before would be different than logging in with a private browsing tab… and indeed, logging in with Chrome does work, just like logging in with a private browsing tab in Firefox.
I just tested it, and logging in works for me here on my forum. Do you have any browser plugins installed? I think that Firefox now disables them by default when you’re in private browsing mode, at least on desktop.
I used firefox’s remote debugger to get a network trace. It turns out that from a regular tab, the POST to /login was sending… no cookies whatsoever. From a private tab, it sent _forum_session and _t, which seems more reasonable. I guess it’s fair that discourse can’t mark my session as authenticated when the browser isn’t sending the session cookie! But I don’t know why the cookie wouldn’t be sent.
That does make it seem plausible that something add-on related was messing with things…
So, I tried disabling all my add-ons, and then switched back to the discourse tab to try reloading. But… this is weird, and maybe my memory is messing with me, but when I switched back to that tab, I was now logged in, even before reloading. So I re-enabled all my extensions again… and I’m still logged in. I’m back to my original configuration, but the problem has mysteriously vanished.
That’s scheduled for Firefox 67, which is still in beta – I’m on Firefox 66, which still runs extensions in private browsing windows. So that’s another thing that’s mysterious about this… even if it was an extension that was somehow messing with things, why did private browsing make a difference?
For the record in case anyone else hits something like this in the future, the add-ons I have enabled are: Ghostery, HTTPS Everywhere, Privacy Badger, uBlock Origin. In theory Privacy Badger can eat cookies (that’s kind of what it’s for :-)), but I checked its settings and it says it wasn’t doing anything to those domains. If it happens again I’m going to look real suspiciously at Ghostery.
