[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #16 from jida...@jidanni.org --- (In reply to comment #15) Well Facebook gets this right with a single choice, so once this is working right on Wikipedia (yet?) one will be enough... -- You are receiving this mail because: You are

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #15 from Andre Klapper --- (In reply to comment #14) > Please add a second preference: Please file separate requests as separate tickets (though I can imagine this request to be a WONTFIX as I'm not convinced how large the userbase

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 jida...@jidanni.org changed: What|Removed |Added CC||jida...@jidanni.org --- Comment #

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Tyler Romeo changed: What|Removed |Added Status|PATCH_TO_REVIEW |RESOLVED Resolution|---

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Bartosz Dziewoński changed: What|Removed |Added CC||matma@gmail.com --- Comment #

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #11 from Gerrit Notification Bot --- Change 81614 abandoned by Seb35: Set a non-secure attribute when clearing a cookie Reason: This change was integrated in the more general change I3c16ff92781e1a72346058ae3838d8fc47019d55 https:

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #10 from Chris Steipp --- Thanks for the research Seb35. In most browsers, cookies with the same name will overwrite each other, even with different security, but there could be some browsers that don't. If you see any that follow t

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #9 from Seb35 --- I was mistaken, sorry, a non-secure cookie can be deleted by a corresponding secure cookie. I just tried again with Opera and Firefox and they are really deleted (I probably worked too late last night), as it seems

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #8 from Seb35 --- I confirm experimentally that removing the Secure attribute to the forceHTTPS cookie correctly delete the cookie when log out (on Opera 12.16 and Firefox 20.0). A step to really confirm this is to dive into the sou

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #7 from Gerrit Notification Bot --- Change 81614 had a related patch set uploaded by Seb35: Set a non-secure attribute when clearing a cookie https://gerrit.wikimedia.org/r/81614 -- You are receiving this mail because: You are th

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Seb35 changed: What|Removed |Added CC||seb35wikipe...@gmail.com Blocks|

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Gerrit Notification Bot changed: What|Removed |Added Status|NEW |PATCH_TO_REVIEW -- You are

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #5 from Gerrit Notification Bot --- Change 81531 had a related patch set uploaded by Chad: Add help message to prefershttps https://gerrit.wikimedia.org/r/81531 -- You are receiving this mail because: You are the assignee for the

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #4 from Chris Steipp --- (In reply to comment #0) > It's happening because my UserLogin sets $wgCookiePrefixforceHTTPS to true, > and > changing the preference does NOT clear this cookie. I have to logout, after > logging back in (

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #3 from Tyler Romeo --- The help message might be the way to go. Because the preference isn't the only thing that determines whether the user is put over HTTPS or not. -- You are receiving this mail because: You are the assignee f

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Derk-Jan Hartman changed: What|Removed |Added CC||hartman.w...@gmail.com --- Comment

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 Greg Grossmeier changed: What|Removed |Added Priority|Unprioritized |High CC|

[Bug 53379] unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set

https://bugzilla.wikimedia.org/show_bug.cgi?id=53379 --- Comment #1 from sp...@wikimedia.org --- The converse isn't the case: if I then visit my preferences page over insecure http and re-check the preference "Always use a secure connection when logged in", upon saving preferences I'm redirected t