On 12/19/2012 12:47 AM, Tyler Romeo wrote: > Maybe I'm missing something, but where is the 180 days number coming from. > When User::setCookies() sets the cookies, it gives it no expiry, so in > reality the cookie persists until the browser removes it.
Here (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2864) User::setCookies calls User::setCookie (singular) with expiration 0 for UserID and UserName. I don't know where you see no expiration. However, User::setCookie (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2794) itself says "if 0 or not specified, use the default $wgCookieExpiration" It actually calls WebResponse::setcookie (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/WebResponse.php;h=e4677380f4d61a7b45fcdaa922c199499ac2a712;hb=refs/heads/master#l41). Both User::setCookie and WebResponse::setcookie default the $exp if it is not passed in, though it is in this case. setcookie does that expiration logic. 0 corresponds to expire = time() + $wgCookieExpiration. I don't see any way there can be an infinite cookie. Matt Flaschen _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
