The Meta-wikipedia says I don't exist, yet my login name is working fine on most pages.
(Moderator, please kill the earlier variant of this message that I made from the wrong email address @dramatic.co.nz !)
On Wed, 19 Mar 2003, Richard Grevers wrote:
The Meta-wikipedia says I don't exist, yet my login name is working fine on most pages.
Before we go further: you are aware that each wiki has a separate user database, and that you have to create the username separately on each wiki, right? Have you ever logged in on meta.wikipedia.org before? Did you create an account there?
-- brion vibber (brion @ pobox.com)
On Tue, 18 Mar 2003 14:17:45 -0800 (PST), Brion Vibber vibber@aludra.usc.edu wrote:
On Wed, 19 Mar 2003, Richard Grevers wrote:
The Meta-wikipedia says I don't exist, yet my login name is working fine on most pages.
Before we go further: you are aware that each wiki has a separate user database, and that you have to create the username separately on each wiki, right? Have you ever logged in on meta.wikipedia.org before? Did you create an account there?
I wasn't aware of that, because I'm not aware of it being stated clearly anywhere (the login page would be a good place!). Is that why there are no links from the english wiki to meta.wikipedia.org?
This raises another question: What provision is there to prevent someone else grabbing my wikipedia.en username on the meta wiki and appearing to be me? Or to prevent me registering as, say, Susan Mason on meta?
(Richard - off to create an account before anyone gets ideas!)
On Wed, 19 Mar 2003, Richard Grevers wrote:
On Tue, 18 Mar 2003 14:17:45 -0800 (PST), Brion Vibber
Before we go further: you are aware that each wiki has a separate user database, and that you have to create the username separately on each wiki, right? Have you ever logged in on meta.wikipedia.org before? Did you create an account there?
I wasn't aware of that, because I'm not aware of it being stated clearly anywhere (the login page would be a good place!).
I'll add a note.
Is that why there are no links from the english wiki to meta.wikipedia.org?
I'm not quite sure what you mean -- there are numerous links to meta from the main page, recentchanges, and various other places.
This raises another question: What provision is there to prevent someone else grabbing my wikipedia.en username on the meta wiki and appearing to be me? Or to prevent me registering as, say, Susan Mason on meta?
The same thing that prevents someone else from grabbing your wikipedia.en username on slashdot.org or yahoo.com: politeness and/or lack of interest in doing so.
-- brion vibber (brion @ pobox.com)
On Tue, 18 Mar 2003 14:40:19 -0800 (PST), Brion Vibber vibber@aludra.usc.edu wrote:
On Wed, 19 Mar 2003, Richard Grevers wrote:
On Tue, 18 Mar 2003 14:17:45 -0800 (PST), Brion Vibber
Before we go further: you are aware that each wiki has a separate user database, and that you have to create the username separately on each wiki, right? Have you ever logged in on meta.wikipedia.org before? Did you create an account there?
I wasn't aware of that, because I'm not aware of it being stated clearly anywhere (the login page would be a good place!).
I'll add a note.
Is that why there are no links from the english wiki to meta.wikipedia.org?
I'm not quite sure what you mean -- there are numerous links to meta from the main page, recentchanges, and various other places.
This raises another question: What provision is there to prevent someone else grabbing my wikipedia.en username on the meta wiki and appearing to be me? Or to prevent me registering as, say, Susan Mason on meta?
The same thing that prevents someone else from grabbing your wikipedia.en username on slashdot.org or yahoo.com: politeness and/or lack of interest in doing so.
-- brion vibber (brion @ pobox.com)
On Tue, 18 Mar 2003 14:40:19 -0800 (PST), Brion Vibber vibber@aludra.usc.edu wrote:
I wasn't aware of that, because I'm not aware of it being stated clearly anywhere (the login page would be a good place!).
I'll add a note.
Thanks!
Is that why there are no links from the english wiki to meta.wikipedia.org?
I'm not quite sure what you mean -- there are numerous links to meta from the main page, recentchanges, and various other places.
It took 30 seconds but I found it (the main page is rather, um, link rich)
This raises another question: What provision is there to prevent someone else grabbing my wikipedia.en username on the meta wiki and appearing to be me? Or to prevent me registering as, say, Susan Mason on meta?
The same thing that prevents someone else from grabbing your wikipedia.en username on slashdot.org or yahoo.com: politeness and/or lack of interest in doing so.
But I would never expect the latter with other sites. However, the separation between wikis is not at all evident to the newcomer. Indeed, my first assumption was of a single user database across all wikipedia entities.
While we are discussing log-ins, what is the expiry time for keeping logged in status? It seems to be rather short - only an hour or so. While I don't necessarily want to use cross-session cookies, it would be nice to stay logged in for an entire browser session. Sometimes I find that I have edited an article anonymously because my login has expired in the meantime. One option could be to default to session-long logins but to have a checkbox "this is a public computer" which would introduce a 30 or 60 minute limit.
(cc'ing to wikitech-l)
On Wed, 19 Mar 2003, Richard Grevers wrote:
But I would never expect the latter with other sites. However, the separation between wikis is not at all evident to the newcomer. Indeed, my first assumption was of a single user database across all wikipedia entities.
This is planned, but (surprise!) not yet implemented. It requires either that all wikis are in one database (which would require more code to deal with languages and sections separately) or talk to two databases, one local and one common.
The latter approach is already being started with some experimental code Magnus has done for the interlanguage links, so in the short term we'll probably go that way. (Once someone has time to work on it...)
While we are discussing log-ins, what is the expiry time for keeping logged in status? It seems to be rather short - only an hour or so. While I don't necessarily want to use cross-session cookies, it would be nice to stay logged in for an entire browser session. Sometimes I find that I have edited an article anonymously because my login has expired in the meantime. One option could be to default to session-long logins but to have a checkbox "this is a public computer" which would introduce a 30 or 60 minute limit.
*Side usability note: it's easy to misinterpret from the layout that the 'remember my password' checkbox applies only to creation of new accounts. This should probably be changed.*
Our whole login/cookie system is crying out for improvement. I've never messed with it much because I'm not 100% sure how it works. ;)
We partially use PHP's session management, and we also set some other cookies. I don't know what the default timeouts are. PHP session cookies are IMHO problematic, because it asks to set a cookie *the first time you touch the site*. I'm sure I'm not the only one who blocks all cookies by default unless I'm deliberately logging in to a site; and we do not gracefully handle the case where someone tries to log in with cookies disabled.
(We print a blithe "success!" message, but the next page they visit is logged back out, because the session cookie isn't passed on. PHP session stuff has some funky link munging, but a) we prevent them from being put in on most pages by using absolute URLs, and b) with our current url rewriting configuration the information would be lost in most cases. And c) putting session information into URLs is *serious* bad mojo, with great possibilities for session hijacking.)
Better would be to only set cookies at login time, and to pull a redirect in the login process so we can reload and check that the cookie stuck. (Or we could check for the cookie in javascript, but I hate relying on javascript. Someone with both cookies and javascript disabled/not available should also be able to be told that they can't log in.)
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
While we are discussing log-ins, what is the expiry time for keeping logged in status?
Don't know why, but I'm usually logged in over some days/week. Ok, I'm using Wikipedia with the 'all features you can get browser'TM (cookies, passwords), maybe this helps.
Smurf
wikipedia-l@lists.wikimedia.org