[Foundation-l] Cookie based blocking and bug #3233. A quick hack implimented on commons.

Gregory Maxwell gmaxwell at gmail.com
Tue Dec 12 02:54:31 UTC 2006


A cookie is a piece of data stored by a website in your web browser
and made available to that site when you use the site.  (see [[HTTP
cookie]] for more info)

For a while people have thought it would be useful to use cookies as
part of our blocking system.  The idea is that when a user is blocked,
mediawiki would give them a cookie to indicate that they are blocked.
This would then inhibit them from editing even if they changed IPs.
The primary limitation to this approach is that any terminologically
savvy user could easily remove the cookie.

There is a request filed for this feature
(http://bugzilla.wikimedia.org/show_bug.cgi?id=3233) along with a
patch, but this patch has not yet been merged into mediawiki.

Because interest for this feature keeps reoccurring, I threw together
a quick hack using javascript. This method of implementation allows us
to experiment and gauge the value of the approach without distracting
the core developers with more code to merge and support.

This could be implemented by any admin on an of our wiks.
http://commons.wikimedia.org/w/index.php?title=MediaWiki:Monobook.js&diff=prev&oldid=3757203

Like all cookie based solutions, it is easy to bypass. Its primary
disadvantage compared to the mediawiki patch is that it is not
integrated with the block page, to activate a cookie based block you
must make a separate edit to the target user's javascript.

The current behavior blocks all uploads and edits by the impacted
browser, but it would be fairly trivial to make the function more like
regular blocking... or even more fine grained with per-namespace or
per article blocks. The current behavior also renews the block for 24
hours every time the user *views* a page while logged in as the
blocked user. This too could be trivially changed.

If anyone tries this out or improves it, please let me know. I pretty
much learned javascript in order to do this.. and it only took about
15 minutes to do, so don't expect it to work miracles but it should
work as advertised.



More information about the foundation-l mailing list