https://bugzilla.wikimedia.org/show_bug.cgi?id=29898
Roan Kattouw <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Roan Kattouw <[email protected]> 2011-10-25 13:23:23 UTC --- (In reply to comment #0) > Bonus points for being able to redirect from http to https links in order to > bump over to a live SSL login session when following generic links found > elsewhere. (may need another bug) This was filed as bug 31432 and then duped to this bug. To accomplish this securely, we would need to do the following: * When logging in over HTTPS and the pref is set, set the login cookies securely (as always) but set an insecure cookie that specifies that the user wants HTTPS * On every HTTP request, check for the presence of this cookie and redirect to HTTPS if so. This also requires that the name of this cookie be added to the XVO header. It appears that Liangent (in filing bug 31432) and Ryan (through an in-person conversation with me) both came up with the same plan separately. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
