Last modified: 2014-11-14 01:44:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 65384 - Core modules should use mediawiki.cookie instead of jquery.cookie
Core modules should use mediawiki.cookie instead of jquery.cookie
Status: NEW
Product: MediaWiki
Classification: Unclassified
JavaScript (Other open bugs)
1.24rc
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
gci2014
: easy
Depends on:
Blocks: code_quality
  Show dependency treegraph
 
Reported: 2014-05-16 01:27 UTC by Bartosz Dziewoński
Modified: 2014-11-14 01:44 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Bartosz Dziewoński 2014-05-16 01:27:21 UTC
mediawiki.* modules should be using the new mediawiki.cookie module (added per bug 49156) instead of jquery.cookie. It provides correct defaults for cookie domain, path and expiration.

It also respects $wgCookiePrefix, which can cause issues when migrating. It doesn't look like the JavaScript code which uses cookies is critical enough for us not to be able to just switch to the new names directly.

Offenders in core include mediawiki.toc, mediawiki.user, mediawiki.action.edit.collapsibleFooter, mediawiki.special.changeslist.legend.js.
Right now none of them respects cookie prefix, none of them handles the domain or path correctly (some use path: '/'), and none of them use the correct expiration time.
Comment 1 Matthew Flaschen 2014-05-16 22:44:34 UTC
It's possible to use mediawiki.cookie without changing the cookie names (e.g. for back-compat, or temporarily).  All the settings are overridable.

Changing the name without backwards compatibility should not be an issue for the simple UI ones (e.g. TOC) (it will be slightly annoying once per UI item, which is acceptable).  However, many of these may be better suited for localStorage.  We have a wrapper for this, jStorage (side not, jStorage does not handle wgCookiePrefix, so it has to be done manually), which uses localStorage or various fallbacks.

Avoiding cookies in such cases (where the server doesn't need the data) saves bandwidth.

If it seems relevant to analytics (e.g. 'mediawiki.user.bucket', 'mediaWiki.user.sessionId', etc.), please notify the analytics list (https://lists.wikimedia.org/mailman/listinfo/analytics) before it's merged, so if someone has an experiment in progress, they can coordinate.

Finally, it's completely expected that there will be overrides for duration; the most common use case for this is a session cookie (null duration).
Comment 2 Matthew Flaschen 2014-05-16 22:45:51 UTC
> the most common use case for this is a session cookie (null duration).

Many other examples (e.g. 30 days from changeslist) should probably use wgCookieExpiration, though.
Comment 3 Matthew Flaschen 2014-11-14 01:44:10 UTC
Unsubscribing, but feel free to add me to code review on this.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links