https://bugzilla.wikimedia.org/show_bug.cgi?id=41022

--- Comment #6 from Huji <huji.h...@gmail.com> 2012-10-14 23:39:34 UTC ---
I'm not sure if this is against security standards. From bug 29898 comment 2 by
Brion Vibber:

> Running all login forms through HTTPS, then after that either keeping you in
> secure HTTPS-land or giving you an insecure cookie and shoving you back to
> HTTP, is common practice.

If it is reasonable to allow HTTP users to use HTTPS for login and then be
redirected back to HTTP, then it is also reasonable to allow a user who started
on HTTPS, and logged in on HTTPS, to retain their cookies in HTTP too.

I will wait for further input from others.
