On Thu, Sep 29, 2016 at 4:00 PM, Brian Wolff <[email protected]> wrote:
> This way it will work for users without cookies (Maybe none exist, but I > like the idea you can edit wikipedia without cookies) There have been people who disabled cookies and still wanted to be able to use the sites. > and for users who have rapidly changing IPs. Well, only after they manage to get a session cookie set. I see the patch there attempts to account for that by creating a session on token failure via HTMLForm, which is good, although there are other code paths that would need the same sort of thing (e.g. API token checks). > It will also have minimal breakage, as you won't have to adjust any > existing usages of tokens (For example, on special pages). > Note it will affect scripts and API clients that expect to see "+\" as the token as a sign that they're logged out, or worse assume that's the token and don't bother to fetch it. -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
