Page MenuHomePhabricator

List active MediaWiki sessions for your account
Closed, DuplicatePublic

Description

Currently, there’s no way for me to see which sessions are valid/active for my account on Wikimedia projects – if I want to be sure that I can’t be compromised by an old session, I have to change my password. It would be useful if MediaWiki instead offered a way to list those sessions, and ideally allowed me to selectively terminate them as well.

GitHub and Twitter have such a feature, for example:
Screenshot_2019-09-12 Build software better, together.png (290×766 px, 17 KB) Screenshot_2019-09-12 Apps und Sitzungen Twitter.png (540×622 px, 22 KB)

In MediaWiki, this is currently offered by Extension:SecureSessions (CC @Parent5446), but that extension isn’t deployed on Wikimedia wikis and also doesn’t always work, for example due to T73066; in T73066#2386198, @Anomie outlined an alternative way to track sessions. I think it might be worth adding this as a core feature.

Event Timeline

A question here is what is the definition of "session", particularly with respect to the "remember me" checkbox. Depending on the answer, this may be a duplicate of T58212: Add a feature to track and terminate specific login sessions.

eprodromou subscribed.

This seems like a pretty big feature. I'm going to move this into our new initiative queue and we'll work out how and whether we'll move forward with it.