On Thu, Feb 17, 2011 at 3:27 PM, Platonides <platoni...@gmail.com> wrote:

> The reason I set to add it was that logging in on not-too-used sites
> actually short lived my long sessions.
> Bug 24471 [1] explains a similar problem although you have to read [2]
> to understand it.
>
> I agree it's some UI clutter, but there is no way to per-user hide a
> pre-login option. The magic parameters are good for insiders, but aren't
> a proper fix either.
>

This seems like less of a per-user issue than a per-*site* issue where the
affected sites are those few that are tied into CentralAuth, but don't get
global session cookies...

> I'd like changing the way Central Auth works, so that instead of
> automatically being logged in, you would need to click a link, and you
> would be logged with the credentials from a central site.
>

That would be a big pain in nearly all circumstances for nearly all users,
so I don't think it has much chance of success as a general change to make.

I'd recommend concentrating on what can be done to make the minority case
(people logging into the sites that currently don't get global cookies) look
and act more like the majority case (people logging into Wikipedia and most
other projects) without damaging the general case.

Good areas to explore include:
* eliminating the problem of *.wikimedia.org subdomains having to be set
separately by ensuring there's nothing unsafe on *.wikimedia.org
* finding a way to set the cookies on all domains more quickly
* finding a way to set the cookies in only one place, but be able to check
them directly from all domains (not sure this is possible)
* finding a way to set the cookies in only one place, but be able to check
them indirectly from all domains in a way that doesn't interfere much with
user activity (e.g. checking login state from JavaScript at start of page
load, then fixing up the local session in an automatic refresh)

As a worst-case scenario, having the second-tier domains require a click in
to the global login state without the inconsistencies wouldn't be too awful,
but should only apply to those domains.

-- brion
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
