[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #14 from Carolina wren --- I have managed to reproduce it and this time noticed the trigger. Using Google Translate on a Wikipedia page. I have filed a new bug, Bug 55887. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #13 from Erik Moeller --- Confirmed fixed in a Chrome private browser session with HTTPS disabled. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Brad Jorsch changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED --- Comment #12 from Brad Jorsch --- If you can reproduce this now that you've logged out and logged back in, please file a new bug with specific instructions on reproducing. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #11 from Carolina wren --- Okay, just tried one more thing. Clearing the cookies, logging out, and logging back in. That worked. But still, I should not have ever gotten into the state I was in of it forcing me into HTTPS, so something is still wonky, even if intermittently so. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #10 from Carolina wren --- Just realized something. One of the cookies was "wikipedia.org". If I remember correctly, then before there were separate cookies for en.wikipedia.org, fr.wikipedia.org, etc. Did someone do an optimization to use only one cookie per domain and then forget to give us the ability to opt out since there are no preferences users can set on "wikipedia.org", just on the individual sites? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 salis...@mindspring.com changed: What|Removed |Added Status|RESOLVED|REOPENED CC||salis...@mindspring.com Resolution|FIXED |--- --- Comment #9 from salis...@mindspring.com --- I'm getting forced into using HTTPS again today, so I'm reopening this bug. Not only that, but clearing the cookies doesn't help. If do that, then I get the popup message: Central login You are centrally logged in as XXX. Reload the page to apply your user settings. And 15 different new HTTPS cookies added: commons, incubator, login, mediawiki, meta, species, wikibooks, wikidata, wikinews, wikipedia, wikiquote, wikisource, wikiversity, wikivoyage, and wiktionary. I am using Firefox 24.0. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #8 from Erik Moeller --- Thanks for checking, Brad. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #7 from Brad Jorsch --- I don't know why it's not on that release notes page, but I just checked on tin and it is included in the version of CentralAuth in /a/common/php-1.22wmf20/extensions/CentralAuth. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Erik Moeller changed: What|Removed |Added CC||e...@wikimedia.org --- Comment #6 from Erik Moeller --- Is this in fact in wmf20? I don't see it in the release notes in https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf20 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Betacommand changed: What|Removed |Added CC||konra...@outlook.com --- Comment #5 from Betacommand --- *** Bug 55368 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Brad Jorsch changed: What|Removed |Added Status|PATCH_TO_REVIEW |RESOLVED CC||cste...@wikimedia.org Resolution|--- |FIXED --- Comment #4 from Brad Jorsch --- Marking this fixed, since the patch is merged. It looks like this just missed being included in 1.22wmf19, so it should go out to WMF wikis with 1.22wmf20. See https://www.mediawiki.org/wiki/MediaWiki_1.22/Roadmap for the schedule. Unless, of course, Chris or someone wants to backport it (which would probably happen then on Monday). -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #3 from Gerrit Notification Bot --- Change 86101 merged by jenkins-bot: Explicitly clear forceHTTPS cookie when insecure https://gerrit.wikimedia.org/r/86101 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Gerrit Notification Bot changed: What|Removed |Added Status|NEW |PATCH_TO_REVIEW -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 --- Comment #2 from Gerrit Notification Bot --- Change 86101 had a related patch set uploaded by Anomie: Explicitly clear forceHTTPS cookie when insecure https://gerrit.wikimedia.org/r/86101 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Andre Klapper changed: What|Removed |Added CC||agarr...@wikimedia.org, ||vasi...@gmail.com, ||wikimedia.b...@snowolf.eu Component|General/Unknown |CentralAuth Version|wmf-deployment |master Product|Wikimedia |MediaWiki extensions -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54626] forceHTTPS session cookie placed even with HTTPS opt-out set
https://bugzilla.wikimedia.org/show_bug.cgi?id=54626 Andre Klapper changed: What|Removed |Added Priority|Unprioritized |High CC||bjor...@wikimedia.org --- Comment #1 from Andre Klapper --- I wonder if this is covered by anomie's https://gerrit.wikimedia.org/r/#/c/85776/ . Or not. For the records: https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&oldid=574592983#Forced_secure_connection...again... https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&oldid=574592983#http_login_issue -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l