Last modified: 2014-02-12 23:54:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T43519, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 41519 - Don't retrieve edit token (or any other type of tokens) on article view
Status: RESOLVED FIXED
Product: MobileFrontend
Classification: Unclassified
Component: stable
Version: unspecified
Hardware: All All
Importance: Highest blocker
Target Milestone: ---
Assigned To: Jon
https://mingle.corp.wikimedia.org/pro...
Reported: 2012-10-29 23:54 UTC by Max Semenik
Modified: 2014-02-12 23:54 UTC (History)
Description Max Semenik 2012-10-29 23:54:05 UTC
Per Asher, this results in session creation for anon users and their requests bypassing frontend caches. Marking as blocker as this prevents us from deploying new code (which retrieves even more tokens).
Comment 1 Jon 2012-10-30 01:48:51 UTC
We can certainly turn these off for anonymous users by attaching a class to the html tag for logged in users (provided that doesn't affect caching).

However I'd be very surprised if the large increase in the amount of session creation is due to watch and edit token requesting since this is limited to beta. 

Talking to Patrick, he said it was mostly due to the CSRF requests caused in non-beta.
Comment 2 Jon 2012-10-30 17:49:04 UTC
https://gerrit.wikimedia.org/r/30806 will help somewhat.
Comment 3 Max Semenik 2012-10-30 18:52:14 UTC
Mobile token has been mostly killed with https://gerrit.wikimedia.org/r/30812
Other tokens aren't retrieved for anons as of https://gerrit.wikimedia.org/r/#/c/30806/

Session is now initialized for anons only when they visit Special:MobileOptions - for CSRF protection, however usual reading shall not create any cache-bypassing cookies now.
Comment 4 Max Semenik 2013-03-20 21:42:33 UTC
Still a pointless request on every logged-in page view:

GET /w/api.php?format=json&action=tokens&type=watch

Should be fixed during our performance sprint.
Comment 5 Jon 2013-03-28 17:12:19 UTC
https://gerrit.wikimedia.org/r/56411
