[Mediawiki-l] New UK cookie rules and MediaWiki

Brion Vibber brion at pobox.com
Tue May 10 17:25:34 UTC 2011


On Tue, May 10, 2011 at 8:26 AM, Chad <innocentkiller at gmail.com> wrote:

> On Tue, May 10, 2011 at 11:22 AM, David Gerard <dgerard at gmail.com> wrote:
> > But UK-based MediaWiki sites should be OK, shouldn't they? Does
> > MediaWiki use cookies for anything other than login functionality? Not
> > sure if the "You must have cookies enabled to log in to SITENAME" bit
> > will need rewording for tediously strict compliance.
> >
>
> MediaWiki core only uses cookies for logging in, and nothing else.
> Lots of extensions probably use cookies for stuff, so I can't speak
> for them.
>

Broadly speaking we can divide our cookie usages into:

* login/session-related stuff (mostly seems to fall under falls under the
necessary exception)
* saved state/preferences ('necessary' exception does.... not? apply...?)
* tracking cookies for A/B testing and related metrics gathering -- this'd
be the most relevant actual stuff, but today should sit mostly in optional
extensions. Shouldn't affect UK-based third parties, but one should consider
how Wikimedia's own tracking setup works and if it's clear and consensual
enough.


Quick survey from a quick search-around for use of setCookie,
document.cookie, or $.cookie:

core:
* session cookie
* old-session-has-been-logged-out cookie
* saved login token cookie
* last-used username cookie
* TOC show/hide state
* some sort of session / buckets infrastructure to aid other scripts?


AddMediaWizard: firefogg preferences
ArticleFeedback: rating state, something about 'pitches'?
CategoryBrowser: seems to save some sort of state
CentralAuth: login session state
CentralNotice: banner hiding state
ClickTracking: session ID for monitoring a/b testing
DismissibleSiteNotice: dismissal state
FundraiserPortal: not exactly sure what
LanguageSelector: language selection state
MobileRedirect: mobile redirection preference
Narayam: input method preference
OggHandler: player preference
OpenID: last-used OpenID provider
SecurePoll: something or other
WebFonts: web fonts preference
WikiEditor: toolbar selection/expansion state, TOC sidebar state
Vector: collapsable navigation state, something that appears to be a/b
testing infrastructure for section edit links tests

-- brion


More information about the MediaWiki-l mailing list