https://bugzilla.wikimedia.org/show_bug.cgi?id=3233
--- Comment #12 from Tyler Romeo <[email protected]> --- (In reply to comment #10) > When this bug was filed (in 2005), Web browsers didn't commonly have an > "incognito" or "private browsing" mode. Given that this cookie feature is > intended to target users who are capable of changing their IP address (i.e., > users with some degree of technical competence/clue), I feel it's reasonable > to > assume these same bad users are equally capable of using their Web browser's > incognito mode or disabling JavaScript or clearing their cookies as a means > of > bypassing this cookie. > > I'm inclined to support marking this bug as resolved/wontfix, but I'd like to > hear what others think. It should be noted, though, that incognito mode does not ignore cookies, it simply deletes them upon going out of incognito mode. So if a user logs into a blocked account incognito, but doesn't open a new window when switching IPs, the cookie will still be there. (In reply to comment #11) > I'm concerned about this, particularly with the cookie duration used in > Tyler's > Gerrit. > > First of all, this will obviously have ramifications on shared computers, > particularly in libraries in schools, where there's a lot of vandalism but > also > where some constructive people do their only editing. That alone gives me > pause. > > Robert suggested 24 hours, which would definitely mitigate this. However, > the > proposed implementation > (https://gerrit.wikimedia.org/r/#/c/48029/3/includes/User.php) uses the > default > cookie expiration (since setCookie with duration 0 uses that). > > The default default > (https://www.mediawiki.org/wiki/Manual:$wgCookieExpiration) > is now 180 days, which is an entirely different matter from a day. The cookie should last however long the block lasts. That's how autoblocks work even outside of this case. It's the autoblock that needs to be short (and it is short), not the cookie expiration. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
