Maybe I'm missing something, but where is the 180 days number coming from. When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Tue, Dec 18, 2012 at 11:07 PM, Matthew Flaschen <mflasc...@wikimedia.org>wrote: > On 12/18/2012 06:50 PM, bawolff wrote: > > On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel <pleasest...@live.com> > wrote: > > > >> > >> Even if you do not check "Remember my login on this browser", the > >> username is saved for 180 days (which, by the way, is four times the > >> duration set out in the WMF privacy policy). As far as I can tell, this > >> "feature" has existed at least since the phase3 reorg in 2003, if not > >> before then. > > > > Not really. The cookie expiration was bumped to 180 days back in > > August of 2011. Before that we had a shorter expiry. See > > https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given > > that the user has to agree to the remember me function, I do not feel > > this is a privacy concern. > > No, I tested and Kevin is correct. The "remember me" controls whether > the user_token cookie is set: > https://www.mediawiki.org/wiki/Manual:User_table#user_token . In > practice, this means you will be logged in for 180 days. > > But even if you don't check it, your username and user id (but not > password or "being logged in") will be cached in a cookie for 180 days. > > I believe the relevant code starts at > > https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2845 > . > > I have reported the 30 v. 180 discrepancy to le...@wikimedia.org > > Matt Flaschen > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
