https://bugzilla.wikimedia.org/show_bug.cgi?id=70145
--- Comment #23 from Chris Steipp <[email protected]> --- (In reply to Dan Duvall from comment #22) > A brief summary of what we observed while troubleshooting (Chris, please > correct me if this is wrong/incomplete): Safari's behavior seems > intermittently incorrect in that it includes the "forceHTTPS=deleted" cookie > in requests following the explicit expiration of the cookie. The subsequent > submission of the literal "deleted" cookie value causes a redirect to https. Yep, that's all correct. On the MediaWiki side, we check for the presence of a forceHTTPS cookie in MediaWiki.php, so when safari hands us back the cookie forceHTTPS=deleted, it triggers the redirect to https. The check could ensure that the cookie value isn't "deleted", since we set it to 1 when we want users to stay in https. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
