I'm not sure, but I thought I heard somewhere that we give logged out users cookies to ensure that some local caching is invalidated.
This is true. I believe it has to do with Squid and how it uses cookies to determine whether to serve a cached page or not.
I'm a little uneasy about this tracking, but I can understand the reasoning behind it.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Tue, Dec 18, 2012 at 6:50 PM, bawolff bawolff+wn@gmail.com wrote:
On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasestand@live.com wrote:
Even if you do not check "Remember my login on this browser", the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this "feature" has existed at least since the phase3 reorg in 2003, if not before then.
Not really. The cookie expiration was bumped to 180 days back in August of 2011. Before that we had a shorter expiry. See https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given that the user has to agree to the remember me function, I do not feel this is a privacy concern.
Ideally, an anonymous user, whether or not they have ever been logged in
as a >registered user, will not transmit any personally identifying information in their >requests.
I'm not sure, but I thought I heard somewhere that we give logged out users cookies to ensure that some local caching is invalidated.
-bawolff
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l