Page MenuHomePhabricator
Create Task
Maniphest T285210

High frequency warning logged in production: Cookies set on {url} with Cache-Control "{cache-control}"
Open, MediumPublicBUG REPORT
Actions

Description

MediaWiki triggers a warning when attempting to set a cookie on a response that is marked as cacheable, and then forces it to be non-cacheable.

This currently happens in production a LOT, several times per second. We should decide whether this is just acceptable behavior and lower the log level to INFO, or fix the code that causes this to happen.

There seem to be different scenarios that trigger this issue. Depending on further analysis, it may be best to track them in separate tickets. An initial survey shows the following patterns:

  1. setting ss0-metawikiSession and ss0-metawikiSession in a request to /w/index.php?title=MediaWiki:Wikiminiatlas.js&action=raw or /w/index.php?title=MediaWiki:Gadget-HotCat.js&action=raw . The JS output should be cacheable. It is unclear why session cookies are set here.
  2. setting centralnotice_hide_wle_2021_ma=%7B%22v in a GET request to /w/index.php?title=Special:HideBanners. This seems intentional, the response should probably not be cacheable.

Details

SubjectRepoBranchLines +/-
Rest: Prevent caching responses for logged-in usersmediawiki/coremaster+36 -6
Customize query in gerrit

Related Objects

Event Timeline

daniel created this task.Jun 21 2021, 10:43 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 21 2021, 10:43 AM
DStrine added a project: Fundraising-Backlog.Jun 21 2021, 2:39 PM
Krinkle updated the task description. (Show Details)Jun 21 2021, 6:19 PM
Gilles moved this task from Inbox, needs triage to Radar on the Performance-Team board.Jun 21 2021, 6:20 PM
Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle added a subscriber: Krinkle.Jun 21 2021, 6:23 PM

Overall, action=raw's behaviour sounds to me like it is normal and expected.

Did the rate recently increase, or is this meant to be something we think has been the same way for many years but we want to improve it?

See also:

Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Jun 21 2021, 6:23 PM
DStrine moved this task from Triage to Sprint +1 on the Fundraising-Backlog board.Jun 21 2021, 7:37 PM
DStrine moved this task from Sprint +1 to Q1 FY2022-23 on the Fundraising-Backlog board.Jun 22 2021, 4:23 PM
BPirkle triaged this task as Medium priority.Jun 22 2021, 9:22 PM
BPirkle moved this task from Inbox to Later on the Platform Team Workboards (Clinic Duty Team) board.
Krinkle added a project: Sustainability (Incident Followup).Jun 6 2022, 12:18 PM
gerritbot added a comment.Nov 28 2022, 2:28 PM

Change 861391 had a related patch set uploaded (by TK-999; author: TK-999):

[mediawiki/core@master] Rest: Prevent caching responses for logged-in users

https://gerrit.wikimedia.org/r/861391

gerritbot added a project: Patch-For-Review.Nov 28 2022, 2:28 PM
XenoRyet moved this task from Q1 FY2022-23 to Unscheduled on the Fundraising-Backlog board.Mar 13 2023, 9:40 PM
gerritbot added a comment.May 22 2023, 12:27 AM

Change 861391 merged by jenkins-bot:

[mediawiki/core@master] Rest: Prevent caching responses for logged-in users

https://gerrit.wikimedia.org/r/861391

Maintenance_bot removed a project: Patch-For-Review.May 22 2023, 12:30 AM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.10; 2023-05-23).May 22 2023, 1:00 AM
Krinkle removed a project: Performance-Team (Radar).Aug 18 2023, 8:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL