There are situations where ip based blocking is overbroad (many users behind a proxy) and situations where it is ineffective (user can change IP). As a result some people have thought it desirable to be able to block users based on a cookie, which although not foolproof itself would be a useful additional tool.
I'd like to propose we implement half of that to gain something which is useful right away but would require almost no work: Cookie based sockcheck.
When a user edits, we request a cookie "usertoken" or whatever. If they do not have one, we generate a long random number and give them one. Every edit made by that browser (no matter which user is logged in) the cookie is returned. We add an extra column to recent changes to store this value.
A new version of sockcheck is produced that finds users who share revisions with the same token, much like we can do with IPs already. Viola, cookie based sockcheck.
Thoughts?
wikitech-l@lists.wikimedia.org