https://bugzilla.wikimedia.org/show_bug.cgi?id=53379
--- Comment #4 from Chris Steipp <[email protected]> --- (In reply to comment #0) > It's happening because my UserLogin sets $wgCookiePrefixforceHTTPS to true, > and > changing the preference does NOT clear this cookie. I have to logout, after > logging back in (which redirects to secure page), I can then access other > pages > over http. Correct. Your cookies, and their security, are setup on login, not preference updates. So you would have to re-login to see the effect. A help notice would probably be the best way to handle it. The alternative is to reset all the user's cookies on a preference update, which I don't think is something we want to do. (In reply to comment #3) > The help message might be the way to go. Because the preference isn't the > only > thing that determines whether the user is put over HTTPS or not. This is also true. If the preference is unchecked, we'll always set your cookies insecure, but we will redirect back to https if you came from an https page when you clicked login. So yeah, I think a warning message is really the only way we can sanely manage this. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
