When logging in, and wgSecureLogin is used, the forceHTTPS cookie (to have mediawiki redirect to https from an http call) isn't set for all SUL domains, only the project where the user is logging in.
Need to add the forceHTTPS cookie, probably in the same place where we set the token cookie.
Version: unspecified
Severity: normal
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • csteipp | T55085 No forcehttps cookies for sister projects on AutoLogin | |||
| Resolved | Anomie | T55536 forceHTTPS cookie not deleted in Wikimedia environment | |||
| Resolved | • csteipp | T55538 Logged users redirected to HTTPS only on some wikis |
Change 81591 had a related patch set uploaded by CSteipp:
Set forceHTTPS cookies for Autologin wikis
That patch only sets the cookies. Still need to clean up from them on logout, which requires touching every wiki. That will be a more complex patch.
Second half of the patch was added as a bug by Seb35. Probably good to keep this as a tracking bug, and that one for the specific issue.
I also opened the bug 53538 which can be considered as an other specific issue due to the fact wgCookiePrefix is language-specific.
Since this seems to be fixed, and the dependent bugs too, let's close this now. Feel free to reopen if I'm mistaken.