https://bugzilla.wikimedia.org/show_bug.cgi?id=55887
--- Comment #10 from Carolina wren <[email protected]> --- Let me present a scenario ask if this is indeed what would happen. If were logged out of wikimedia and then visited a site where I have not set the preference as I desired and then for some odd reason, logged in there, would I get the cookies set? If I understand you correctly, it would. In that case, the bug is that while you have a preference to allow a person to choose "Always use a secure connection when logged in" (an option which which is now by default always enabled unless one chooses opt-out) there is no option to specify "Never use a secure connection when logged in". Incidentally, when I first noticed the problem I tried manually editing the cookies to have a value of "0" instead of "1" in hopes they were a boolean flag, but that didn't work, but perhaps you should consider doing that. However you choose to implement it, it sounds like you need to replace the kludge you used to enforce Wales' privacy fears with one that allows those of us who don't share them to opt out globally, instead of having to make us opt out potentially hundreds of times. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
