On Tue, May 10, 2011 at 8:26 AM, Chad <innocentkiller(a)gmail.com> wrote:
On Tue, May 10, 2011 at 11:22 AM, David Gerard
<dgerard(a)gmail.com> wrote:
But UK-based MediaWiki sites should be OK,
shouldn't they? Does
MediaWiki use cookies for anything other than login functionality? Not
sure if the "You must have cookies enabled to log in to SITENAME" bit
will need rewording for tediously strict compliance.
MediaWiki core only uses cookies for logging in, and nothing else.
Lots of extensions probably use cookies for stuff, so I can't speak
for them.
Broadly speaking we can divide our cookie usages into:
* login/session-related stuff (mostly seems to fall under falls under the
necessary exception)
* saved state/preferences ('necessary' exception does.... not? apply...?)
* tracking cookies for A/B testing and related metrics gathering -- this'd
be the most relevant actual stuff, but today should sit mostly in optional
extensions. Shouldn't affect UK-based third parties, but one should consider
how Wikimedia's own tracking setup works and if it's clear and consensual
enough.
Quick survey from a quick search-around for use of setCookie,
document.cookie, or $.cookie:
core:
* session cookie
* old-session-has-been-logged-out cookie
* saved login token cookie
* last-used username cookie
* TOC show/hide state
* some sort of session / buckets infrastructure to aid other scripts?
AddMediaWizard: firefogg preferences
ArticleFeedback: rating state, something about 'pitches'?
CategoryBrowser: seems to save some sort of state
CentralAuth: login session state
CentralNotice: banner hiding state
ClickTracking: session ID for monitoring a/b testing
DismissibleSiteNotice: dismissal state
FundraiserPortal: not exactly sure what
LanguageSelector: language selection state
MobileRedirect: mobile redirection preference
Narayam: input method preference
OggHandler: player preference
OpenID: last-used OpenID provider
SecurePoll: something or other
WebFonts: web fonts preference
WikiEditor: toolbar selection/expansion state, TOC sidebar state
Vector: collapsable navigation state, something that appears to be a/b
testing infrastructure for section edit links tests
-- brion