Wedge

What the who's online log does is tell you what's going on at the time you look at it. Server logs give you a complete record.So you build websites based on a single statistic that may as well be a random number, and that a number of people actively *lie* about that statistic to other users.And we all know that lying to users is a sure way to screw things up too.From a user's point of view, if that information isn't even displayed, you have to rely on other information to build a judgement upon, namely the posts and looking around the forum and its content. I could display a random number there for all the meaning it would provide.Thank you for ignoring the key point of my post. I never said anything about hiding the number of active members. Only hiding the number of guests, which might as well be a random number for all the good it will do.It's not my idea, it's also not an idea I'm a fan of, because I think it's actually irrelevant. And really, doing it by IP address will do nothing other than what you can provide by the access logs.

Oh, sorry, yeah, this is a mostly new install of Notepad++ which I forgot to reconfigure for LF only. When I first made the file I actually called it SplitTopics because it was just the stuff for SplitTopics.php (namely splitting and merging) but then I moved the topic-moving stuff in as well.

Thing is, it's totally related to managing topics, rather than topics in general, hence the name.

And thanks Aaron :) Certainly I find that I forget some things, notably dates and times which Nao's done a lot of work on, but for the rest of the things out there, I've got a fair idea of how I think it has to work to actually be meaningfully suited to i18n, and the biggest thing is tackling these awkward composite strings where a single line is made out of $txt['something'], $variable, $txt['something_else'], because that causes so many problems!

I am aware though that some of my moderation filters UI won't work properly in RTL because of the way it builds certain strings but I figure to a point we'll deal with that when there are people around who actually use an RTL language and can be best placed to tell us how it has to work. I'm not familiar enough with other languages to make that much of a call on it.

And actually while my native language doesn't require me to think outside the box in terms of phasing out composite strings and bringing in sprintf type strings, it does make me acute of how to cope with multiple languages at once, and I'm still not sure how exactly I want to handle English US vs English UK though I know I will want to do just that. (It makes me chuckle that phpBB has the exact opposite problem, having a strong British heritage)

Without wishing to sound like I'm taking a cheap shot at SMF (because I'm not), I'm a bit concerned how they're planning to solve this fundamental problem in the future. I can't remember when it was logged on the tracker, but AngelinaBelle (IIRC) logged an issue to deal with these composite strings, and the general approach was to create multiple forms of the relevant words for composite elements, so when you had some of these, you'd have multiple different words depending on the context, e.g. $txt['members_normative'] and $txt['members_declarative'] which in English would be the same string but would be different strings in other languages, I think it was talking about German.

But instead of doing that, I figured it's simply cleaner and easier (if very slightly slower) to create the complete string so you always have the term in relevant context.

Still, it's not like XenForo or other systems where we put it all in the DB...

Yup, there is a huge argument about it. There are a few things that bug me with respect to SMF/Wedge's implementation, and at this point I am specifically referring to the PHPSESSID cookie, NOT the logged in one.

1. The PHPSESSID cookie is normally a session cookie but due to odd behaviour it can also become a persistent cookie when you actually sign in, and its state becomes somewhat indeterminant at that point too.

2. There is no behaviour in SMF or Wedge that relies on the PHPSESSID cookie for remembering previous actions, no behaviour for managing or passing security tokens, nor maintaining tokens for security or for routing purposes.

3. It does, however, store a unique identifier for that session to identify the user. There are no consistency concerns, no accuracy concerns.

4. Its primary use is to uniquely identify a user for the purposes of seeing how many users are online at once. Because of the fact it is a full session, it also stores things like what user agent the user is reporting and also the URL they are visiting. This does have a concern regarding privacy since we have a uniquely identified session and tracking otherwise personal details.

So, yes, I agree that it does come under the definition of uniquely tracking a user. But there are concerns attached to it because it isn't used for any behaviour other than analytics. This puts it into the category of questionable.

And yes, it is a session cookie, in theory. Practice is somewhat different, though.

The cookie itself doesn't log that information, but it does tie it to a database record which does.I think the best thing to do would be for you to stop taking this argument around and around and around in circles. Stop trying to justify something you don't know enough about, please, for the sake of everyone else trying to solve this. You're taking pieces of the advice out of context and trying to apply them to what you think is going on.

The facts remain thus: no matter how much you argue, the PHPSESSID cookie is not compliant based on the terms and wording of the law (as opposed to the layman's interpretation, which you're misquoting and taking out of context). That said, the law's terms are very vague and badly defined, so it's possible that the PHPSESSID cookie could be argued to be compliant but certainly the current implementation DOES NOT COMPLY IN FULL. Stop trying to pretend otherwise.

Now, that's not to say that it can't be made compliant, it certainly can, but some work is required to make that the case.

AND AGAIN: UNTIL WE HAVE A RESPONSE FROM THE ICO, THIS IS ALL HYPOTHETICAL ANYWAY.It's not entirely feasible, and it is also considered bad faith under the privacy and tracking considerations, which is the entire point of this law in the first place: to protect user privacy.


Do we actually *need* to track unique guests? Do we care how many 'guests' are online at once? Do we care how many 'unique guests' (given that's a figure that we don't really understand nor have any accuracy for) are online at once?

If we do care, we should push for using something like Google Analytics and do it that way (with all the cookie concerns that way), but if we don't care out of the box for 'unique guests', a figure I'm actually not that bothered with anyway, we could ditch it, be compliant out of the box by not using *any* cookies for guests at all, save some DB space by not tracking active numbers of guests as true sessions, make it a little faster by not performing queries for this sort of thing for guests, and just for fun, make it faster by saving bandwidth.

How important, really, is the number of 'maybe unique guests' to us?

Hence the 'refresh to interact' too ;)

That's not a bug, that's exactly as designed.

No, the move to 2.0 wasn't pretty, I wasn't involved but I was aware that 1.1 used numeric indexes and that there's even hints of that still in Wedge (e.g. the movetopic strings I moved yesterday, being numbered 1 through 4)

But either way, we're definitely moving in the right direction.

Yes, it will. First thing it does is strtolower the string.