Yup - I'm only bringing it up since you can get to that funnel through
saying that you want to login via mobile and then decide to simply
"login" normally.  While not huge, it is a bit of a hole.

On Aug 19, 7:51 am, Damon Clinkscales <sca...@pobox.com> wrote:
> > On Wed, Aug 19, 2009 at 9:07 AM, divesnob<mdarl...@gmail.com> wrote:
>
> >> For some reason my reply yesterday didn't make it?
>
> >> I do realize that you can just change http to https.  The problem here
> >> is that twitter is sending people tohttp://twitter.com/login.
>
> >> Here's a screencast describing what I mean.
>
> >>http://www.screenjelly.com/watch/vSrv36yxa4g
>
> >> -matt
>
> >> On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote:
> >>>https://twitter.com/login
>
> >>> On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:
>
> >>> > Curious why you're not POSTing over SSL for /login?
>
> >>> > <form class="signin" method="post" action="/sessions">
> >>> > <div style="margin: 0pt; padding: 0pt;">
> >>> > </div>
> >>> > <input id="authenticity_token" type="hidden"
> >>> > value="7a401eeee566e00cff4abe1cba6ed4c70bf52d37"
> >>> > name="authenticity_token"/>
> >>> > <fieldset class="common-form standard-form">
> >>> > </fieldset>
> >>> > </form>
> On Wed, Aug 19, 2009 at 9:47 AM, Damon Clinkscales<sca...@pobox.com> wrote:
> > If you look at the form carefully, you'll see this:
>
> > <form method="post" id="signin" action="https://twitter.com/sessions";>
>
> ^^^ fromhttp://twitter.com/ ^^^
>
> Although, here:
>
> http://twitter.com/login
>
> it's just  /sessions , without the forced https.
>
> Yeah, that does seem like an oversight.
>
> -damon

Reply via email to