Page MenuHomePhabricator

MediaWiki Session ID should have per-subdomain and cross-subdomain variants
Open, Needs TriagePublic

Description

For many purposes, e.g. content translation, we expect a user session to span multiple projects. Currently, we prefix all cookies by the dbname and its domain is defaulted to the current domain.

To have a cookie used on all subdomains, we would need to specify overrides for these defaults when storing the ID using mw.cookie.

In addition to the current wiki-specific session ID ("mwuser-sessionId"), we should have a cross-subdomain session ID (e.g. "xsd-sessionId", idk) that can be used in cases like Content Translation analytics.

Event Timeline

jlinehan renamed this task from MediaWiki Session ID is shared across subdomains to MediaWiki Session ID should be shared across subdomains.Nov 4 2020, 2:18 PM
mpopov renamed this task from MediaWiki Session ID should be shared across subdomains to A shared session ID across subdomains.Nov 4 2020, 2:23 PM
mpopov updated the task description. (Show Details)
jlinehan renamed this task from A shared session ID across subdomains to MediaWiki Session ID should have per-subdomain and cross-subdomain variants.Nov 4 2020, 2:25 PM
mpopov updated the task description. (Show Details)

Just want it noted that if we can have cross-domain (not just cross-subdomain) session ID (e.g. track a session across Wikipedia languages, Wikimedia Commons, Wikidata, Wikivoyage languages, etc.) that would be AMAZING.

@jlinehan: In which codebase would such changes have to take place?