@Niharika Is this a duplicate of T300271: [IP Masking] Temporary Account Expiration, or a child/parent task? I've tagged Growth-Team since it's the same topic

In T300271#8476279, @Tgr wrote:

Expire in what sense? The status quo is that the login cookie is set to expire in one year (on Wikimedia wikis; the default is six months I think); after that expires, the user has no way of using that account ever again. Cookie expiry is controlled by the browser, which is controlled by the user, so they can prevent expiry if they go to some extra length (use developer tools or install a dedicated extension).

An alternative would be to lock temporary accounts which are over a year old, either via the UserIsLocked hook or just by invalidating the session.

Another alternative would be to physically delete temporary accounts that are over a year old. We need to keep the actor record forever because of page history; I'm not sure we need to keep the user record forever (although probably lots of code assumes we do and would have to be updated). At a minimum we could expunge any user data other than the name (user preferences, notifications, watchlists if temporary users have those).

If the temporary username changes during that time (due to the cookie being reset or something else), the clock resets back to one year.

By change, you mean that the user loses their temporary identity and gets assigned a new one, right?

In T325459#8515696, @Tgr wrote:

If the temporary username changes during that time (due to the cookie being reset or something else), the clock resets back to one year.

By change, you mean that the user loses their temporary identity and gets assigned a new one, right?

When they make a new edit after expiry they get assigned a new temporary username.

Temporary names are not supposed to persist forever. We need to limit the time period that the temporary username is assigned to the user for. We want this time limit to be configurable.

@Niharika, when you say "We want this time limit to be configurable" do you mean that we want communities/local Admins to be able to set this time limit? Should that be a separate post-MVP task, or included in the MVP? If we plan to allow communities to configure this, I assume we want to provide a minimum / maximum limit, correct?

@RHo - Am I missing something? This task is just a duplicate of T300271: [IP Masking] Temporary Account Expiration, correct?

In T325459#9072552, @KStoller-WMF wrote:

@RHo - Am I missing something? This task is just a duplicate of T300271: [IP Masking] Temporary Account Expiration, correct?

I believe so.

In T325459#8918975, @KStoller-WMF wrote:

Temporary names are not supposed to persist forever. We need to limit the time period that the temporary username is assigned to the user for. We want this time limit to be configurable.

@Niharika, when you say "We want this time limit to be configurable" do you mean that we want communities/local Admins to be able to set this time limit? Should that be a separate post-MVP task, or included in the MVP? If we plan to allow communities to configure this, I assume we want to provide a minimum / maximum limit, correct?

Suggest moving discussion about configurability to the other task, but don't quite understand what configurability would entail . My understanding is that temp accounts get created globally (eg if I edit without an account in enwiki and get a temp account, I will show as the same temp account if I then navigated to dawiki), so if we mean configurable to different expiry periods across projects that would be quite complex without clear benefit, right? Unless it means something else...