On Thursday, May 22, 2014, Daniel Friesen daniel@nadir-seen-fire.com wrote:
On 2014-05-21, 3:29 PM, Brian Wolff wrote:
Fabrice, is this still the case? Are there ways around this?
- I suppose session cookies for anons just to possibly thank them is a
bit excessive.
It sure sounds excessive. Setting a session cookie after an edit has
been
made by an anon might[1] be quite cheap in reality, or at least cheap enough to justify the cost. Privacy wise it also seems ok, but I might
be
overlooking some things on that regard as well.
--Martijn
Don't we already do this upon an anon visiting an edit page? Otherwise standard talk page messages wouldn't really work for anons, as the user wouldn't get past varnish.
--bawolff
To be clear, we set a cookie on submit of the edit page, whether it results in an edit or not, but not on visit.
But that is essentially what Martijn described.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
As is, that should be sufficient to do this on a best effort basis, right? If the cookie forces Varnish bypass we could already "x thanked this IP address for their edits on y".
I can see however that this could have privacy concerns. Delivering the message "Martijn Hoekstra thanked this IP address for their edits on porn star y" delivered to the wrong person in the same ip isn't great. I'm not sure this is different from talk page messages though, I think it isn't.
If we stored more information in the cookie (last n revisionids of edits for some sensible n?) we could make this more reliable. As a session cookie his would leak less privacy sensitive data than is already in the browsers history, and may avoid the above problem.
Would this approach be feasible in theory? In practice?
--Martijn
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l