Page MenuHomePhabricator
Create Task
Maniphest T264393

Mark user object as non-serializable
Open, Needs TriagePublic
Actions

Description

The User object should be marked as non-serializable using NonSerializableTrait.

Serializing user objects can drag along large amounts of data. Deserialized user objects may contain stale data. This is the case especially for the following member fields of User:

  • mRequest A WebRequest that would be invalid and misleading when deserialized during a later request.
  • mBlock, mBlockedFromCreateAccount, $mGlobalBlock:AbstractBlock instances that may be inaccurate at a later time.

This could be mitigated by blanking these fields during serialization. However, User object should generally not be considered safe for serialization. UserIdentityValue should be used instead.

The first attempt to do so caused a production error, see T264363: Instances of User are not serializable!. We need to resolve at least two instances of User being serialized first:

Related Objects
Search...

Event Timeline

daniel created this task.Oct 2 2020, 7:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 2 2020, 7:58 AM
daniel added subtasks: T264389: ProofreadPageContent must not contain User object, since it cannot be serialized safely., T264391: FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely..Oct 2 2020, 7:59 AM
daniel mentioned this in T264363: Instances of User are not serializable!.
DannyS712 subscribed.Oct 2 2020, 12:45 PM
Jdforrester-WMF subscribed.Oct 2 2020, 3:45 PM
BPirkle moved this task from Inbox to Future Initiatives/Small Projects on the Platform Engineering board.Oct 6 2020, 8:40 PM
Naike edited projects, added Platform Engineering Roadmap Decision Making; removed Platform Engineering.Oct 8 2020, 8:49 PM
Naike moved this task from Untriaged to Icebox on the Platform Engineering Roadmap Decision Making board.Nov 16 2020, 3:23 PM
JJMC89 moved this task from Backlog to Other on the MediaWiki-User-management board.Nov 28 2020, 4:38 PM
daniel added a parent task: T274189: Remove usage of PHP serialization from WANObjectCache.Feb 8 2021, 9:02 PM
tstarling closed subtask T264391: FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely. as Resolved.Feb 9 2021, 2:35 AM
hashar reopened subtask T264391: FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely. as Open.Feb 9 2021, 2:32 PM
mmodell closed subtask T264391: FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely. as Resolved.Feb 10 2021, 8:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL