MediaWiki triggers a warning when attempting to set a cookie on a response that is marked as cacheable, and then forces it to be non-cacheable.
This currently happens in production a LOT, several times per second. We should decide whether this is just acceptable behavior and lower the log level to INFO, or fix the code that causes this to happen.
There seem to be different scenarios that trigger this issue. Depending on further analysis, it may be best to track them in separate tickets. An initial survey shows the following patterns:
- setting ss0-metawikiSession and ss0-metawikiSession in a request to /w/index.php?title=MediaWiki:Wikiminiatlas.js&action=raw or /w/index.php?title=MediaWiki:Gadget-HotCat.js&action=raw . The JS output should be cacheable. It is unclear why session cookies are set here.
- setting centralnotice_hide_wle_2021_ma=%7B%22v in a GET request to /w/index.php?title=Special:HideBanners. This seems intentional, the response should probably not be cacheable.