
Login on https doesn't log you in on http
Closed, Resolved (Public)


Go to
Click the watchlist star and click login
(Note you are now on
Click back twice so you are back on and hit refresh
You are no longer logged in

Login on https should log you in on http

Version: unspecified
Severity: normal
See Also:



Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 1:38 AM
bzimport added a project: MobileFrontend-beta.
bzimport set Reference to bz44330.
brion added a comment. Jan 25 2013, 7:15 PM

Logging in on https should NEVER log you in on http -- that defeats the purpose of an encrypted connection and makes it trivial for network sniffers or MiTM to steal your tokens.

True. I'm coming from a UX point of view here.

What I'm getting at is if as a user I access Wikipedia via http and click on login I am now logged in and accessing Wikipedia over https.

Now if I go to Wikipedia again on http via a Google link I am now logged out and have to log in again.

This loop will continue until I get bored of logging into Wikipedia (logging in is dull, right?).

An ideal solution would be to remember a user logged in and redirect them to https on subsequent visits. How we might do this I'm not sure.

(In reply to comment #3)

This should resolve the bug:

Merged by MaxSem on the 30th.
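
Added example, not part of the thread and not the merged change: one way to reconcile the two positions above is to keep the session token in a `Secure` cookie and set a separate hint cookie that carries no credential and only triggers a redirect to HTTPS. The cookie names, host name and `sessions` store are assumptions made for illustration.

```python
"""Added example: Secure session cookie plus a non-secret HTTPS hint cookie."""
from http.cookies import SimpleCookie

SESSION, HINT = "session_token", "force_https"  # hypothetical cookie names


def login_cookies(token):
    """Cookies issued after a successful login over HTTPS."""
    jar = SimpleCookie()
    jar[SESSION] = token
    jar[SESSION]["secure"] = True      # browser never sends this over plain HTTP
    jar[SESSION]["httponly"] = True
    jar[HINT] = "1"                    # no credential inside, so it may travel over HTTP
    for name in (SESSION, HINT):
        jar[name]["path"] = "/"
    return jar


def browser_cookie_header(jar, scheme):
    """Cookie header a browser would send: Secure cookies are withheld on http."""
    sent = [f"{m.key}={m.value}" for m in jar.values()
            if scheme == "https" or not m["secure"]]
    return "; ".join(sent)


def handle(scheme, host, path, cookie_header, sessions):
    """Return (status, headers, user) for one request.

    host is the site's configured canonical name, not the request's Host header.
    """
    cookies = SimpleCookie(cookie_header)
    if scheme == "http":
        if HINT in cookies:
            # Returning user: redirect to HTTPS, where the session cookie is sent.
            return 302, {"Location": f"https://{host}{path}"}, None
        return 200, {}, None           # anonymous HTTP browsing still works
    token = cookies[SESSION].value if SESSION in cookies else None
    return 200, {}, sessions.get(token)
```

The hint cookie is a convenience only: anyone on the network path can delete or forge it, so the protection comes from the `Secure` flag keeping the token off HTTP.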