On 12/18/2012 03:28 PM, Tyler Romeo wrote:
- This I have no idea about, but it's definitely not in the core, because
my test wiki doesn't set this cookie. It has to be an extension.
Merely calling the mediaWiki.user.id() JavaScript function, which was introduced into core MediaWiki in https://www.mediawiki.org/wiki/Special:Code/MediaWiki/78539 , sets the one-year cookie. Nothing in core MW (except for the corresponding QUnit test) actually uses the function.
However, the following code in extensions/E3Experiments/experiments/openTask.js does call that function. I can confirm this code is executed merely by loading Wikipedia's Main Page.
// FIXME for anons, calling mw.user.id() simply ensures the // "mediaWiki.user.id" cookie is set, if it isn't already. if ( !$.cookie( 'mediaWiki.user.id' ) ) { if ( mw.user.id() === mw.user.getName() ) { $.cookie( 'mediaWiki.user.id', generateId(), { expires: 365, path: '/' } ); } }
- That is done on purpose. It's a convenience feature. Notice how when you
logout and then go back to the login page that your username is already filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify the user.
Even if you do not check "Remember my login on this browser", the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this "feature" has existed at least since the phase3 reorg in 2003, if not before then.