This task is to track the progress on addressing new requirements surrounding how MediaWiki generates, stores, and provides its notion of "user session ID". This work is important for the ongoing upgrade of the data analytics technology related to the Modern Event Platform.
Because the relevant interfaces in mw.user.sessionId and mw.user.generateRandomSessionId are used in a number of places throughout MediaWiki, we should be careful about altering their behavior in ways that could cause unexpected outcomes for these callers. If we determine that new behavior is required, we may need to consider a new interface (with the existing one(s) being marked deprecated), or other measures.
Here is a rough outline (these checkboxes can/will be replaced with subtasks).
- mw.user.sessionId returns the same value during a user session which is determined by the sessionTick instrument (or its session-detecting component)
- mw.user.sessionId returns a UUIDv4 (T266813: mw.user.generateRandomSessionId should return a UUID)
- mw.user.sessionId stores the same cookie on all subdomains (no prefix), and is set to domain .wikimedia.org (all subdomains are part of the same browsing session)