$wgSecureLogin is enabled on test2 wiki, so my logins redirect to https. The fix for bug 29898 is also on test2 wiki, so I have a preference "Always use a secure connection when logged in" which defaults to checked.
But if I uncheck this and save my preferences, I can't access the site over HTTP -- I still get redirected to https. It's very confusing. No matter what I do, accessing any page over HTTP redirects me to the https secure URL until I logout.
It's happening because my UserLogin sets $wgCookiePrefixforceHTTPS to true, and changing the preference does NOT clear this cookie. I have to logout, after logging back in (which redirects to secure page), I can then access other pages over http.
Changing the 'prefershttps' preference should clear the cookie, or the preference needs a warning/tooltip/explanation that "This change will only take effect after you log out and log back in."
Version: 1.22.0
Severity: major