On Thu, Feb 17, 2011 at 3:27 PM, Platonides Platonides@gmail.com wrote:
The reason I set to add it was that loggin in on not-too-used sites actually short lived my long sessions. Bug 24471 [1] explains a similar problem although you have to read [2] to understand it.
I agree it's some UI clutter, but there is no way to per-user hide a pre-login option. The magic parameters are good for insiders, but aren't a proper fix either.
This seems like less of a per-user issue than a per-*site* issue where the affected sites are those few that are tied into CentralAuth, but don't get global session cookies...
I'd like changing the way Central Auth works, so that instead of
automatically being logged in, you would need to click a link, and you would be logged with the crendentials from a central site.
That would be a big pain in nearly all circumstances for nearly all users, so I don't think it has much chance of success as a general change to make.
I'd recommend concentrating on what can be done to make the minority case (people logging into the sites that currently don't get global cookies) look and act more like the majority case (people logging into Wikipedia and most other projects) without damaging the general case.
Good areas to explore include: * eliminating the problem of *.wikimedia.org subdomains having to be set separately by ensuring there's nothing unsafe on *.wikimedia.org * finding a way to set the cookies on all domains more quickly * finding a way to set the cookies in only one place, but be able to check them directly from all domains (not sure this is possible) * finding a way to set the cookies in only one place, but be able to check them indirectly from all domains in a way that doesn't interfere much with user activity (eg checking login state from JavaScript at start of page load, then fixing up the local session in an automatic refresh)
As a worst-case scenario, having the second-tier domains require a click in to the global login state without the inconsistencies wouldn't be too awful, but should only apply to those domains.
-- brion