https://bugzilla.wikimedia.org/show_bug.cgi?id=50334
Brad Jorsch <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from Brad Jorsch <[email protected]> --- (In reply to comment #0) > This might be OK, but I thought I'd report it because it seems strange to > me: > > * login on http://test2.wikipedia.org with a global account, get the redirect > to central server and end up on the https URL https:/test2.wikipedia.org > * explicitly open an http page requiring login, like > http://test2.wikipedia.org/wiki/Special:UploadWizard by pasting into the > address bar > ** User gets a message "Not logged in" Apparently it's only logging you in on the secure site, not the insecure site. Aaron knows more about this bit of the code than I do, CCing him. > * click "Log in" > * on login page, click "Log in" without filling in password. User name is > filled in automatically. > > ** Login succeeds without password being entered > *** Note: sometimes upon doing this I briefly see a "Password field was > empty" > or "Cookies required" error message before the login succeeds. When you open Special:Userlogin, it attempts to check if you're logged into the central domain in the background. Presumably this is succeeding, which is why the login seems to succeed despite entering a wrong password. There's JavaScript involved in that check that tries to send you to the success page, but if you already clicked the "Log in" button it may be that the browser isn't allowing the JavaScript to override the form submission. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
