Page MenuHomePhabricator

Delete edit recovery data when logging out
Open, Needs TriagePublicFeature

Description

Feature summary (what you would like to be able to do and where):

When a user who has edit recovery data saved to their browser's storage logs out, all recovery data should be deleted when the user logs out. This can be done when they click log out.

The data should not be cleared when logging in, to account for users who start to edit a page, realise they're not logged in, log in, and want to pick up the edit where they left off.

Use case(s) (list the steps that you performed to discover that problem, and describe the actual underlying problem which you want to solve. Do not describe only a solution):

  • As a user who shares a computer with someone else, I don't want my personal unsaved edits to be visible to anyone else.

Benefits (why should this be implemented?):

  • Allows for better sharing of devices.
  • Frees up storage.

Questions:

  • What happens for temporary accounts?
  • It's important to note that the data is not actually private to the users who share a device. How can we make this clear?

Event Timeline

Change 951056 had a related patch set uploaded (by Samtar; author: Samtar):

[mediawiki/core@master] editRecovery: Delete all edit recovery data on logout

https://gerrit.wikimedia.org/r/951056

TheresNoTime changed the task status from Open to Stalled.EditedAug 30 2023, 10:25 AM

Stalling on ongoing discussions irt. loading code on every page (ref. T342738)

TheresNoTime changed the task status from Stalled to Open.Sep 11 2023, 11:58 AM

I don't think we do much wiping of data when users log out in general, and you could argue this is either a good or bad thing.

There is definitely a real use case here for users with mutiple leigitimate accounts. I wouldn't expect a draft to be discarded because I was logged in with the wrong account when composing it, and tried to switch accounts.

Futhermore I would get no warning (without complicating the logout process) that my draft was about to be deleted.

What about a prompt on logout? e.g. "You have unsaved edits for recovery — do you want to keep these?"

I think a warning prompt sounds like a good idea. It could include a link to Special:EditRecovery.

Change 951056 abandoned by Samtar:

[mediawiki/core@master] editRecovery: Delete all edit recovery data on logout

Reason:

https://gerrit.wikimedia.org/r/951056

Change 1006913 had a related patch set uploaded (by Samtar; author: Samtar):

[mediawiki/core@master] [WIP] Delete edit recovery data when logging out

https://gerrit.wikimedia.org/r/1006913

What about a prompt on logout? e.g. "You have unsaved edits for recovery — do you want to keep these?"

Unless this wipes all data from all our editing apps that might use localStorage, I think this might be misleading. For example this wouldn't wipe draft comments/edits in DiscussionTools or VisualEditor.

This ticket sounds a lot like https://phabricator.wikimedia.org/T342738, where I made a recommendation to:

  1. when a user is logged out involuntarily (network blip, session expiry), store the edit recovery data according to their user ID. If another user logs in, or someone is anonymously editing, then they won't see the eidts.
  2. Expose a message that the user has been logged out.

Still, this seems like a pretty big edge case to me. I, and I'd be curious about the effort (primarily for requirement #1) in order to give this the green light.

Hey @Samwilson @TheresNoTime , what's keeping this ticket in the "needs attention" column? Are we blocked by anything?

The one open patch is marked as WIP. Is this ready for review or no?