https://bugzilla.wikimedia.org/show_bug.cgi?id=42832
--- Comment #5 from Chris Steipp <[email protected]> --- Brian, I totally agree. Tyler, I *think* we can add a parameter to set the session as secure or insecure as part of the session refresh on a successful login. So the login csrf token is checked against the original session, but the new session is secure/insecure based on the checkbox. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
