https://bugzilla.wikimedia.org/show_bug.cgi?id=53379
Web browser: --- Bug ID: 53379 Summary: unchecking "Always use a secure connection when logged in" leaves forceHTTPS cookie set Product: MediaWiki Version: 1.22-git Hardware: All OS: All Status: NEW Severity: major Priority: Unprioritized Component: User preferences Assignee: wikibugs-l@lists.wikimedia.org Reporter: sp...@wikimedia.org CC: agarr...@wikimedia.org Classification: Unclassified Mobile Platform: --- $wgSecureLogin is enabled on test2 wiki, so my logins redirect to https. The fix for bug 29898 is also on test2 wiki, so I have a preference "Always use a secure connection when logged in" which defaults to checked. But if I uncheck this and save my preferences, I can't access the site over HTTP -- I still get redirected to https. It's very confusing. No matter what I do, accessing any page over HTTP redirects me to the https secure URL until I logout. It's happening because my UserLogin sets $wgCookiePrefixforceHTTPS to true, and changing the preference does NOT clear this cookie. I have to logout, after logging back in (which redirects to secure page), I can then access other pages over http. Changing the 'prefershttps' preference should clear the cookie, or the preference needs a warning/tooltip/explanation that "This change will only take effect after you log out and log back in." -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l