If it was six months ago, I would suggest we hand over a unique random cookie with the redirect and verify on the HTTPS side that the cookie showed up, to make sure that it worked.
And then only keep a success/fail log for IP block, perhaps, no user data. That would seem privacy neutral. Too late now to do that, though. Sent from Kangphone On Aug 20, 2013, at 10:24 PM, Greg Grossmeier <g...@wikimedia.org> wrote: > <quote name="George William Herbert" date="2013-08-20" time="22:09:41 -0700"> >> Is there any chance that monitoring could track success of login if someone >> is redirected from HTTP to HTTPS? The redirects should be easy to spot. > > I don't know, honestly. The log we were working from initially doesn't > have that data in it (we don't track our users, remember? ;)), but I'll > look more closely tomorrow. > > Greg > > -- > | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | > | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D | > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
