Since T233594, a block can be tracked with a cookie from any uncached web request. However, the cookie is only removed when a user attempts to perform an action that triggers a block check. Problems with this:
- Cookies are added and removed asymmetrically, meaning that they persist longer than they should. E.g. if a user is unblocked earlier than expected, their cookie will still persist even when making uncached web requests. (This will not currently have a damaging effect, since it will be removed if the user tried to do anything that a blocked user cannot do; however, it pollutes their cookies.)
- In order to clear the cookie when the block is being checked, the BlockManager must access the response object from the user object. Ideally the user would not provide access to this; in fact, this is one of the few cases where access is needed, as discussed in T231930.
A solution to both of these problems would be to clear invalid block cookies at the point when block cookies are being set.