https://bugzilla.wikimedia.org/show_bug.cgi?id=53379
Web browser: ---
Bug ID: 53379
Summary: unchecking "Always use a secure connection when logged
in" leaves forceHTTPS cookie set
Product: MediaWiki
Version: 1.22-git
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: Unprioritized
Component: User preferences
Assignee: wikibugs-l@lists.wikimedia.org
Reporter: sp...@wikimedia.org
CC: agarr...@wikimedia.org
Classification: Unclassified
Mobile Platform: ---
$wgSecureLogin is enabled on test2 wiki, so my logins redirect to https. The
fix for bug 29898 is also on test2 wiki, so I have a preference "Always use a
secure connection when logged in" which defaults to checked.
But if I uncheck this and save my preferences, I can't access the site over
HTTP -- I still get redirected to https. It's very confusing. No matter what I
do, accessing any page over HTTP redirects me to the https secure URL until I
logout.
It's happening because my UserLogin sets $wgCookiePrefixforceHTTPS to true, and
changing the preference does NOT clear this cookie. I have to logout, after
logging back in (which redirects to secure page), I can then access other pages
over http.
Changing the 'prefershttps' preference should clear the cookie, or the
preference needs a warning/tooltip/explanation that "This change will only take
effect after you log out and log back in."
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
