I have received some informal complaints that indicate that the login page at the shop, is not secure. This should probably redirect to HTTPS.
I have tried to track login action, it submits user name and password to https://wikimedia.myshopify.com/account/login and then redirects me to store.wikimedia.org/account without https.
When I manually access https://store.wikimedia.org/account, it redirects me to login page. That means, the cookies generated by last login action has no effect... I have not idea about this...
I also tried to force login action to submit my username and password to https://store.wikimedia.org/account/login, I am also redirected to store.wikimedia.org/account. This time, however, when I manually access https://store.wikimedia.org/account I can stay on my account page and retrieve my information, the cookies work!
So my thought is
- Change the login action from https://wikimedia.myshopify.com/account/login to https://store.wikimedia.org/account/login, to get cookies work for https.
- Then we can add a setting to redirect users to a page with https.
However, I didn't find the a place to set up the login action in theme files.
Any suggestions please?
@HuiZSF: I am resetting the assignee of this task because there have not been any updates for the last two years. Resetting the assignee avoids the impression that somebody is working on this task. Please claim this task again if/when you plan to work on it (via Add Action... → Assign / Claim in the dropdown menu). Thanks!