MediaWiki Software: Auto log out

Posted by: thekohser

Ain't there some way on Wikipedia to automatically log out your account based on some pre-set parameters (such as 30 minutes without an edit, or upon closure of one's browser, etc.)?

Posted by: Nerd

QUOTE(thekohser @ Mon 23rd November 2009, 3:02pm) *

Ain't there some way on Wikipedia to automatically log out your account based on some pre-set parameters (such as 30 minutes without an edit, or upon closure of one's browser, etc.)?


I expect there's a way using javascript. That sounds like a good idea actually.

Posted by: dogbiscuit

QUOTE(Nerd @ Mon 23rd November 2009, 3:11pm) *

QUOTE(thekohser @ Mon 23rd November 2009, 3:02pm) *

Ain't there some way on Wikipedia to automatically log out your account based on some pre-set parameters (such as 30 minutes without an edit, or upon closure of one's browser, etc.)?


I expect there's a way using javascript. That sounds like a good idea actually.

Yes, a nice big checkbox saying "Sock-puppeteer protection enabled"

Posted by: CharlotteWebb

QUOTE(thekohser @ Mon 23rd November 2009, 3:02pm) *

Ain't there some way on Wikipedia to automatically log out your account based on some pre-set parameters (such as 30 minutes without an edit, or upon closure of one's browser, etc.)?

Wikipedia can't tell whether you've closed your browser and opened it again, but you can configure the browser to delete all cookies at that time (for some, this is the default privacy setting) regardless of the duration the server intends.

Checking whether you have edited in the last N minutes would be a little more difficult, but I'm sure I could do it using javascript if somebody actually has a need for it.

But no, there's no currently built-in feature to this effect.

Posted by: dogbiscuit

QUOTE(CharlotteWebb @ Mon 23rd November 2009, 6:22pm) *

QUOTE(thekohser @ Mon 23rd November 2009, 3:02pm) *

Ain't there some way on Wikipedia to automatically log out your account based on some pre-set parameters (such as 30 minutes without an edit, or upon closure of one's browser, etc.)?

Wikipedia can't tell whether you've closed your browser and opened it again, but you can configure the browser to delete all cookies at that time (for some, this is the default privacy setting) regardless of the duration the server intends.

Checking whether you have edited in the last N minutes would be a little more difficult, but I'm sure I could do it using javascript if somebody actually has a need for it.

But no, there's no currently built-in feature to this effect.

Cookies have an expiration time, so a 30-minute-without-an-edit cookie is a trivial bit of PHP to set the cookie with each interaction. You magically don't send the cookie back to Wikipedia after 31 minutes as part of browser functionality.

Posted by: CharlotteWebb

QUOTE(dogbiscuit @ Mon 23rd November 2009, 7:00pm) *

Cookies have an expiration time, so a 30-minute-without-an-edit cookie is a trivial bit of PHP to set the cookie with each interaction. You magically don't send the cookie back to Wikipedia after 31 minutes as part of browser functionality.

Magically indeed, what browser functionality is this?

Well if it's greasemonkey we might be on the same page…

Posted by: dogbiscuit

QUOTE(CharlotteWebb @ Mon 23rd November 2009, 7:07pm) *

QUOTE(dogbiscuit @ Mon 23rd November 2009, 7:00pm) *

Cookies have an expiration time, so a 30-minute-without-an-edit cookie is a trivial bit of PHP to set the cookie with each interaction. You magically don't send the cookie back to Wikipedia after 31 minutes as part of browser functionality.

Magically indeed, what browser functionality is this?

Well if it's greasemonkey we might be on the same page…

A cookie is just a header that is downloaded and stored. When the browser sees a cookie that matches a site domain, it automatically sends the cookie back as part of the request in brain dead fashion. At the point the cookie expiration date expires, it is no longer sent back and so the site no longer has the login information (unless it also is tracking by session and decides that it is not interested in cookies while the session is current).

However, that is the principle that something like eBay would achieve its "Keep me signed in for a day" function.

Posted by: Random832

QUOTE(dogbiscuit @ Mon 23rd November 2009, 7:12pm) *
A cookie is just a header that is downloaded and stored. When the browser sees a cookie that matches a site domain, it automatically sends the cookie back as part of the request in brain dead fashion. At the point the cookie expiration date expires, it is no longer sent back and so the site no longer has the login information (unless it also is tracking by session and decides that it is not interested in cookies while the session is current).


Um, with the cookie gone, the site also no longer has the session, unless it's done something like a URL parameter (which is normally only done if a browser does not support cookies at all).

Posted by: dogbiscuit

QUOTE(Random832 @ Mon 23rd November 2009, 8:12pm) *

QUOTE(dogbiscuit @ Mon 23rd November 2009, 7:12pm) *
A cookie is just a header that is downloaded and stored. When the browser sees a cookie that matches a site domain, it automatically sends the cookie back as part of the request in brain dead fashion. At the point the cookie expiration date expires, it is no longer sent back and so the site no longer has the login information (unless it also is tracking by session and decides that it is not interested in cookies while the session is current).


Um, with the cookie gone, the site also no longer has the session, unless it's done something like a URL parameter (which is normally only done if a browser does not support cookies at all).

The session cookie would be distinct from a cookie of login info, and the session normally is killed off when you shut down the browser, again by appropriate setting of the cookie. Session variables are stored on the server, essentially indexed by the session id, whereas the login info needs to be kept on the client computer to survive across sessions.

I'm sure we are not disagreeing, the point is that it is old hat to come up with a fairly robust scheme of timing out sessions, either using server tricks, client tricks or a combination of the two, normally the latter.
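
The combined client-and-server timeout discussed in this thread, sketched as an added example (not code from any poster and not MediaWiki's own): the cookie's `Max-Age` is refreshed on each interaction so the browser drops it after 30 idle minutes, and the server keeps its own last-seen time so a cookie replayed after that is still refused. The cookie name `sid`, the in-memory `sessions` map and all function names are assumptions made for illustration.

```javascript
const { randomBytes } = require('node:crypto');

const IDLE_SECONDS = 30 * 60;   // the thread's "30 minutes without an edit"
const sessions = new Map();     // session id -> { user, lastSeen in ms }

// Set-Cookie value; Max-Age is the client-side half of the timeout.
function sessionCookie(sid, maxAge = IDLE_SECONDS) {
  return `sid=${sid}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Create a server-side session and the cookie that indexes it.
function login(user, now) {
  const sid = randomBytes(16).toString('hex');
  sessions.set(sid, { user, lastSeen: now });
  return { sid, setCookie: sessionCookie(sid) };
}

// Pull the sid value out of a Cookie request header.
function parseSid(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}

// Run on every request. The server does not trust the browser to have
// expired the cookie: it checks its own lastSeen timestamp first.
function handleRequest(cookieHeader, now) {
  const sid = parseSid(cookieHeader);
  const session = sid && sessions.get(sid);
  if (!session) return { user: null, setCookie: null };
  if (now - session.lastSeen > IDLE_SECONDS * 1000) {
    sessions.delete(sid);                                   // server-side logout
    return { user: null, setCookie: sessionCookie('', 0) }; // ask browser to drop it
  }
  session.lastSeen = now;                                   // slide the window
  return { user: session.user, setCookie: sessionCookie(sid) };
}
```

Passing `now` in explicitly keeps the timeout logic testable; a real handler would pass `Date.now()`.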