https://bugzilla.wikimedia.org/show_bug.cgi?id=31323
--- Comment #10 from Jérémie Roquet <[email protected]> --- (In reply to comment #9) > All HTTP cookies have a "Secure" attribute that determines whether the > browser > will send them over HTTP or not. So, in other words, the actual protocol > under > which the cookie was sent is irrelevant, it's the Secure flag on the cookie > that matters. > > When you log in using HTTPS in MediaWiki, almost every cookie is set to > Secure > so that it only goes over HTTPS. However, if you look in User::setCookies, > you'll see that the forceHTTPS cookie is explicitly set without the Secure > attribute so that it'll be visible regardless of protocol. That's a crystal clear explanation, thank you! -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
