Jump to content


Rendered with Parsoid
From Wikitech
Latest comment: 9 years ago by MZMcBride
Formally document ops review of cookie changes prior to WMF deployment of new MediaWiki versions
and take measures to ensure this happens in practice

That hardly seems enough to me. We change cookies all the time, and I can even set arbitrary ones with gadgets installed on dozens of wiki's for anon or logged in users, it's not realistic to put all that past ops people for review (hell I think they didn't remember this small thing themselves). For code we could have jenkins jobs look for potential risks I guess, and we could have tests that look for 'new' matching cookies that we are not expecting on deployed systems and trigger warnings. We can also adapt jquery.cookie and mediawiki.cookie to be better aware of this. But really, we should at least explore finding totally different solutions to avoid this problem all together. TheDJ (talk) 14:01, 30 May 2015 (UTC)Reply

Agreed. I filed phabricator:T100920 about cookies and caching. We need to give the current approach further thought and consideration, in my opinion. --MZMcBride (talk) 06:32, 31 May 2015 (UTC)Reply