Page MenuHomePhabricator

Bug: jquery.jStorage saved data lost on logout
Open, LowPublic

Description

When user logs out of Wikipedia and in again, all data that was saved in browser locally through jquery.jStorage module is gone. Try the example code below. It saves Date() values at the page loading time and displays all saved values. The values are incrementally added until you log out and in again.

mw.loader.load( 'jquery.jStorage' );
$(document).ready(function(){
	var value = new Date();
	var key = value.getTime();	
	$.jStorage.set( key, value.toString() );
	var jSindex = $.jStorage.index();	
	var i;
	var txt = "You have loaded the script at following times:\n\n";	
	for	(i = 0; i < jSindex.length; i++) {
		txt += (i + 1) + ". " + $.jStorage.get(jSindex[i]) + ",\n";
	}
	alert (txt);
});

This is a problem because logout happens to all users from time to time. It means that all the data saved locally through, for example, a userscript, will be lost eventually.
Tested the code on https://test2.wikipedia.org with the same result. I run the script loaded from localhost with

mw.loader.load('https://localhost/wikipediatest.js', 'text/javascript');

in https://test2.wikipedia.org/wiki/User:Cumbril/common.js

Event Timeline

Cumbril created this task.Mar 17 2015, 6:34 AM
Cumbril raised the priority of this task from to Needs Triage.
Cumbril updated the task description. (Show Details)
Cumbril added a subscriber: Cumbril.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 17 2015, 6:34 AM

This might be a stupid question, but why are userscripts saved locally (and what kind of userscripts)?
And how is this more important than forcing a logout from a time to time when it comes to security?

Cumbril added a comment.EditedMar 17 2015, 1:59 PM

Userscripts can be saved locally during their development. This way frequent changes made to the script will not pollute history. It's a recommended way of developing userscripts per https://en.wikipedia.org/wiki/Wikipedia:User_scripts/Guide. (Userscript in Wikipedia terms can be any script written in Javascript that is inserted into the page).
Loading a local script is no different than having it load from Wikipedia server, just source is different.

The purpose of browser local storage is to have data saved locally for indefinite time (if you don't set TTL parameter). Deleting the data defeats this purpose.

Cumbril renamed this task from jquery.jStorage saved data lost on logout to Bug: jquery.jStorage saved data lost on logout.Mar 17 2015, 2:35 PM
Cumbril set Security to None.
Cumbril added subscribers: ori, Mattflaschen-WMF.
Aklapper triaged this task as Low priority.Mar 17 2015, 6:14 PM

Just did some tests and now the data is not lost on https://test2.wikipedia.org/ server after logging out and back in. In the live https://en.wikipedia.org/ server the data is lost.

Just did some tests and now the data is not lost on https://test2.wikipedia.org/ server after logging out and back in. In the live https://en.wikipedia.org/ server the data is lost.

I haven't investigated, but (especially given what you said about test2) I'm not sure this has anything to do with logging out. It may actually be a symptom of T66721: mw.loader.store should not occupy all of localStorage.

I have tested saving data with using Javascript localStorage.setItem directly (without using jquery.jStorage wrapper). In this case data is consistently recorded and survives logging out and in.