https://bugzilla.wikimedia.org/show_bug.cgi?id=52079
Web browser: ---
Bug ID: 52079
Summary: remove token logging, or change to sessionId cookie
Product: MediaWiki extensions
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: Unprioritized
Component: Campaigns
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Classification: Unclassified
Mobile Platform: ---
When Campaign logs a ServerSideAccountCreation event, it still logs the
'mediaWiki.user.id' cookie as the token field.
As
https://meta.wikimedia.org/wiki/Schema_talk:ServerSideAccountCreation#event_token_changes
says, client-side code no longer sets this long-lived cookie since bug 44327
was fixed in May 2013. Instead if mw.user.id() is called it sets a
'mediaWiki.user.sessionId' cookie.
Depending on need and privacy policy, Campaign could be changed to not log
token, or to log the new 'mediaWiki.user.sessionId' cookie. FYI account
creation does not currently set either cookie; the current callers of
mw.user.id() are AFT, AFTv5, and UniversalLanguageSelector.
Many events still have a non-blank token (30% of all enwiki and dewiki account
creations). Apparently people are creating accounts in browsers that set this
cookie months ago.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
