Page MenuHomePhabricator

Add a way to prevent user from log in and disable a users session when blocking
Open, Needs TriagePublic

Description

In some wikis, if we block a user, we want to kill of their sessions and log them out (because they aren't allowed to edit their talk page, because requesting unblock isn't a rule on the wiki)...

invalidateUserSessions.php can be used to invalidate sessions, but not everyone always has shell access etc

Not sure if this should live in MW core, behind some feature flag... Or somewhere else?

Should be relatively simple to code though

(This user should not be able to log in to the wiki, otherwise they may easily circumvent such action)

Event Timeline

Kizule added a subscriber: Kizule.

Let me try :)

Change 507732 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[mediawiki/core@master] Disable a user session and log them out when blocking

https://gerrit.wikimedia.org/r/507732

Change 507732 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[mediawiki/core@master] Disable a user session and log them out when blocking

https://gerrit.wikimedia.org/r/507732

I made patch and help with improvements is welcome. :)

Copying over the "in-patch" comment for better discussion

I think that this new feature should be behind a flag and/or as another option for the admin to check when creating the block.

Blocks are not always sitewide and logging out a user when creating a partial block (editing or otherwise) doesn't make much sense considering that the user can still perform other actions and/or keep editing other pages/namespaces

A checkbox in SpecialBlock behind a config flag would be the way to go imo. Said checkbox should probably be disabled for partial blocks considering that it doens't make much sense to provide such functionality in that particular case.

Change 507732 abandoned by Zoranzoki21:
Disable a user session and log them out when blocking

Reason:
No, I am not feeling sure and I no want to work on this

https://gerrit.wikimedia.org/r/507732

Kizule removed Kizule as the assignee of this task.May 2 2019, 2:16 AM
Kizule removed projects: Patch-For-Review, User-Kizule.

Copying over the "in-patch" comment for better discussion

I think that this new feature should be behind a flag and/or as another option for the admin to check when creating the block.

Blocks are not always sitewide and logging out a user when creating a partial block (editing or otherwise) doesn't make much sense considering that the user can still perform other actions and/or keep editing other pages/namespaces

A checkbox in SpecialBlock behind a config flag would be the way to go imo. Said checkbox should probably be disabled for partial blocks considering that it doens't make much sense to provide such functionality in that particular case.

i did say feature flag originally ;)

But yeah, I agree. It has some use for some types of blocks (indef block of everything), and on some types of wikis (like wikitech where blocks are more used for bad actors/spammers etc, rather than things like edit warring). But it definitely shouldn’t just be done unconditionally for all blocks

i did say feature flag originally ;)

You did, sorry I missed it :)

we want to kill of their sessions and log them out
because requesting unblock isn't a rule on the wiki...
because they aren't allowed to edit their talk page,

If you need all these, there's no reason to not use $wgBlockDisablesLogin = true

Bugreporter renamed this task from Add a way to disable a users session and log them out when blocking to Add a way to prevent user from log in and disable a users session when blocking.May 16 2020, 11:07 PM