Page MenuHomePhabricator
Create Task
Maniphest T422874

Remove references to unused 'wsToken' field in session data
Closed, ResolvedPublic
Actions

Description

The 'wsToken' field in session data was once used by pre-AuthManager session handling, but it's not used anymore. The code was mostly removed in 2016 in https://gerrit.wikimedia.org/r/c/mediawiki/core/+/267737/3/includes/user/User.php, with some more pieces removed in 2022 in https://gerrit.wikimedia.org/r/c/mediawiki/core/+/861504. The only remaining references are the code that sets it, and some code in CentralAuth that tries to unset it. We should remove it.

(This field is not related to 'wsTokenSecrets', which is still used for CSRF tokens. We also set 'wsUserID' and 'wsUserName' in the same code, and those could probably be removed with some effort, but there are still some references in extensions.)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Stop setting 'wsToken' field in session data, no longer usedmediawiki/coremaster+0 -1
Stop checking 'wsToken' field in session data, no longer usedmediawiki/extensions/CentralAuthmaster+0 -23
Customize query in gerrit

Event Timeline

matmarex created this task.Apr 9 2026, 7:45 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptApr 9 2026, 7:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
gerritbot added a comment.Apr 9 2026, 7:49 PM

Change #1269618 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Stop checking 'wsToken' field in session data, no longer used

https://gerrit.wikimedia.org/r/1269618

gerritbot added a project: Patch-For-Review.Apr 9 2026, 7:49 PM

Change #1269619 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/core@master] Stop setting 'wsToken' field in session data, no longer used

https://gerrit.wikimedia.org/r/1269619

matmarex claimed this task.Apr 9 2026, 7:52 PM
DAlangi_WMF moved this task from Inbox, needs triage to Kanban Board on the MediaWiki-Platform-Team board.Apr 9 2026, 9:26 PM
DAlangi_WMF edited projects, added MediaWiki-Platform-Team (Kanban Board); removed MediaWiki-Platform-Team.
DAlangi_WMF moved this task from Essential Work to In Progress on the MediaWiki-Platform-Team (Kanban Board) board.
gerritbot added a comment.Apr 13 2026, 5:26 PM

Change #1269618 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Stop checking 'wsToken' field in session data, no longer used

https://gerrit.wikimedia.org/r/1269618

gerritbot added a comment.Apr 13 2026, 5:36 PM

Change #1269619 merged by jenkins-bot:

[mediawiki/core@master] Stop setting 'wsToken' field in session data, no longer used

https://gerrit.wikimedia.org/r/1269619

matmarex closed this task as Resolved.Apr 13 2026, 5:51 PM
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.24; 2026-04-14).Apr 13 2026, 6:00 PM
Maintenance_bot removed a project: Patch-For-Review.Apr 13 2026, 6:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits