From 213cdfbec8cf063a6e5a6f168ec97dbd32653d4f Mon Sep 17 00:00:00 2001
From: Timo Tijhof <krinklemail@gmail.com>
Date: Mon, 27 Feb 2017 13:57:15 -0800
Subject: [PATCH] mediawiki.user: Move JS session token from cookie to
 sessionStorage

The old cookies will become unused and expiry automatically.

Also add basic unit tests.

Bug: T110353
Change-Id: I6fa98ae797481dfaef95ab1ea996ebf057f8d55d
---
 resources/src/mediawiki/mediawiki.user.js            | 12 ++++++------
 .../resources/mediawiki/mediawiki.user.test.js       |  7 +++++++
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/resources/src/mediawiki/mediawiki.user.js b/resources/src/mediawiki/mediawiki.user.js
index c4c91f95b1..d1fa84aa27 100644
--- a/resources/src/mediawiki/mediawiki.user.js
+++ b/resources/src/mediawiki/mediawiki.user.js
@@ -118,18 +118,18 @@
 		},
 
 		/**
-		 * Get an automatically generated random ID (stored in a session cookie)
+		 * Get an automatically generated random ID (persisted in sessionStorage)
 		 *
-		 * This ID is ephemeral for everyone, staying in their browser only until they close
-		 * their browser.
+		 * This ID is ephemeral for everyone, staying in their browser only until they
+		 * close their browsing session.
 		 *
 		 * @return {string} Random session ID
 		 */
 		sessionId: function () {
-			var sessionId = mw.cookie.get( 'mwuser-sessionId' );
-			if ( sessionId === null ) {
+			var sessionId = mw.storage.session.get( 'mwuser-sessionId' );
+			if ( !sessionId ) {
 				sessionId = mw.user.generateRandomSessionId();
-				mw.cookie.set( 'mwuser-sessionId', sessionId, { expires: null } );
+				mw.storage.session.set( 'mwuser-sessionId', sessionId );
 			}
 			return sessionId;
 		},
diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
index 7f6efa0c77..bc12642983 100644
--- a/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
+++ b/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
@@ -95,6 +95,13 @@
 
 		result2 = mw.user.generateRandomSessionId();
 		assert.notEqual( result, result2, 'different when called multiple times' );
+	} );
 
+	QUnit.test( 'sessionId', function ( assert ) {
+		var result = mw.user.sessionId(),
+			result2 = mw.user.sessionId();
+		assert.equal( typeof result, 'string', 'type' );
+		assert.equal( $.trim( result ), result, 'no leading or trailing whitespace' );
+		assert.equal( result2, result, 'retained' );
 	} );
 }( mediaWiki, jQuery ) );
-- 
2.20.1