Page MenuHomePhabricator

High frequency warning logged in production: Cookies set on {url} with Cache-Control "{cache-control}"
Open, MediumPublicBUG REPORT


MediaWiki triggers a warning when attempting to set a cookie on a response that is marked as cacheable, and then forces it to be non-cacheable.

This currently happens in production a LOT, several times per second. We should decide whether this is just acceptable behavior and lower the log level to INFO, or fix the code that causes this to happen.

There seem to be different scenarios that trigger this issue. Depending on further analysis, it may be best to track them in separate tickets. An initial survey shows the following patterns:

  1. setting ss0-metawikiSession and ss0-metawikiSession in a request to /w/index.php?title=MediaWiki:Wikiminiatlas.js&action=raw or /w/index.php?title=MediaWiki:Gadget-HotCat.js&action=raw . The JS output should be cacheable. It is unclear why session cookies are set here.
  2. setting centralnotice_hide_wle_2021_ma=%7B%22v in a GET request to /w/index.php?title=Special:HideBanners. This seems intentional, the response should probably not be cacheable.

Event Timeline

Overall, action=raw's behaviour sounds to me like it is normal and expected.

Did the rate recently increase, or is this meant to be something we think has been the same way for many years but we want to improve it?

See also:

BPirkle triaged this task as Medium priority.Jun 22 2021, 9:22 PM
BPirkle moved this task from Inbox to Later on the Platform Team Workboards (Clinic Duty Team) board.

Change 861391 had a related patch set uploaded (by TK-999; author: TK-999):

[mediawiki/core@master] Rest: Prevent caching responses for logged-in users

Change 861391 merged by jenkins-bot:

[mediawiki/core@master] Rest: Prevent caching responses for logged-in users