From: Timo Tijhof <krinklemail@gmail.com>
Date: Mon, 27 Feb 2017 21:57:15 +0000 (-0800)
Subject: mediawiki.user: Move JS session token from cookie to sessionStorage
X-Git-Tag: 1.31.0-rc.0~3941^2
X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=213cdfbec8cf063a6e5a6f168ec97dbd32653d4f;p=lhc%2Fweb%2Fwiklou.git

mediawiki.user: Move JS session token from cookie to sessionStorage

The old cookies will become unused and expiry automatically.

Also add basic unit tests.

Bug: T110353
Change-Id: I6fa98ae797481dfaef95ab1ea996ebf057f8d55d
---

diff --git a/resources/src/mediawiki/mediawiki.user.js b/resources/src/mediawiki/mediawiki.user.js
index c4c91f95b1..d1fa84aa27 100644
--- a/resources/src/mediawiki/mediawiki.user.js
+++ b/resources/src/mediawiki/mediawiki.user.js
@@ -118,18 +118,18 @@
 		},
 
 		/**
-		 * Get an automatically generated random ID (stored in a session cookie)
+		 * Get an automatically generated random ID (persisted in sessionStorage)
 		 *
-		 * This ID is ephemeral for everyone, staying in their browser only until they close
-		 * their browser.
+		 * This ID is ephemeral for everyone, staying in their browser only until they
+		 * close their browsing session.
 		 *
 		 * @return {string} Random session ID
 		 */
 		sessionId: function () {
-			var sessionId = mw.cookie.get( 'mwuser-sessionId' );
-			if ( sessionId === null ) {
+			var sessionId = mw.storage.session.get( 'mwuser-sessionId' );
+			if ( !sessionId ) {
 				sessionId = mw.user.generateRandomSessionId();
-				mw.cookie.set( 'mwuser-sessionId', sessionId, { expires: null } );
+				mw.storage.session.set( 'mwuser-sessionId', sessionId );
 			}
 			return sessionId;
 		},
diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
index 7f6efa0c77..bc12642983 100644
--- a/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
+++ b/tests/qunit/suites/resources/mediawiki/mediawiki.user.test.js
@@ -95,6 +95,13 @@
 
 		result2 = mw.user.generateRandomSessionId();
 		assert.notEqual( result, result2, 'different when called multiple times' );
+	} );
 
+	QUnit.test( 'sessionId', function ( assert ) {
+		var result = mw.user.sessionId(),
+			result2 = mw.user.sessionId();
+		assert.equal( typeof result, 'string', 'type' );
+		assert.equal( $.trim( result ), result, 'no leading or trailing whitespace' );
+		assert.equal( result2, result, 'retained' );
 	} );
 }( mediaWiki, jQuery ) );