On Tue, May 10, 2011 at 8:26 AM, Chad innocentkiller@gmail.com wrote:
On Tue, May 10, 2011 at 11:22 AM, David Gerard dgerard@gmail.com wrote:
But UK-based MediaWiki sites should be OK, shouldn't they? Does MediaWiki use cookies for anything other than login functionality? Not sure if the "You must have cookies enabled to log in to SITENAME" bit will need rewording for tediously strict compliance.
MediaWiki core only uses cookies for logging in, and nothing else. Lots of extensions probably use cookies for stuff, so I can't speak for them.
Broadly speaking we can divide our cookie usages into:
* login/session-related stuff (mostly seems to fall under falls under the necessary exception) * saved state/preferences ('necessary' exception does.... not? apply...?) * tracking cookies for A/B testing and related metrics gathering -- this'd be the most relevant actual stuff, but today should sit mostly in optional extensions. Shouldn't affect UK-based third parties, but one should consider how Wikimedia's own tracking setup works and if it's clear and consensual enough.
Quick survey from a quick search-around for use of setCookie, document.cookie, or $.cookie:
core: * session cookie * old-session-has-been-logged-out cookie * saved login token cookie * last-used username cookie * TOC show/hide state * some sort of session / buckets infrastructure to aid other scripts?
AddMediaWizard: firefogg preferences ArticleFeedback: rating state, something about 'pitches'? CategoryBrowser: seems to save some sort of state CentralAuth: login session state CentralNotice: banner hiding state ClickTracking: session ID for monitoring a/b testing DismissibleSiteNotice: dismissal state FundraiserPortal: not exactly sure what LanguageSelector: language selection state MobileRedirect: mobile redirection preference Narayam: input method preference OggHandler: player preference OpenID: last-used OpenID provider SecurePoll: something or other WebFonts: web fonts preference WikiEditor: toolbar selection/expansion state, TOC sidebar state Vector: collapsable navigation state, something that appears to be a/b testing infrastructure for section edit links tests
-- brion