Last modified: 2014-02-12 23:47:24 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T46330, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 44330 - Login on https doesn't log you in on http
Status: RESOLVED FIXED
Product: MobileFrontend
Classification: Unclassified
Component: beta
Version: unspecified
Hardware: All All
Importance: Unprioritized normal
Target Milestone: ---
Assigned To: Arthur Richards
Reported: 2013-01-25 00:35 UTC by Jon
Modified: 2014-02-12 23:47 UTC (History)


Description Jon 2013-01-25 00:35:46 UTC
Go to http://en.m.wikipedia.org/wiki/Typhoon_Rusa
Click the watchlist star and click login
(Note you are now on https://en.m.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Typhoon+Rusa&returntoquery=article_action%3Dwatch&wpStickHTTPS=1)
Login
Click back twice so you are back on http://en.m.wikipedia.org/wiki/Typhoon_Rusa and hit refresh
You are no longer logged in

Expected:
Login on https should log you in on http

Comment 1 Brion Vibber 2013-01-25 19:15:12 UTC
Logging in on https should NEVER log you in on http -- that defeats the purpose of an encrypted connection and makes it trivial for network sniffers or MiTM to steal your tokens.

Comment 2 Jon 2013-01-25 19:27:44 UTC
True. I'm coming from a UX point of view here.

What I'm getting at is: if, as a user, I access Wikipedia via http and click on login, I am now logged in and accessing Wikipedia over https.

Now if I go to Wikipedia again on http via a Google link, I am now logged out and have to log in again.

This loop will continue until I get bored of logging into Wikipedia (logging in is dull, right?).

An ideal solution would be to remember that a user logged in and redirect them to https on subsequent visits. How we might do this I'm not sure.

Comment 3 Arthur Richards 2013-01-26 01:49:02 UTC
This should resolve the bug:
https://gerrit.wikimedia.org/r/#/c/45922/

Comment 4 Alex Monk 2013-02-01 15:58:02 UTC
(In reply to comment #3)
> This should resolve the bug:
> https://gerrit.wikimedia.org/r/#/c/45922/

Merged by MaxSem on the 30th.
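
The approach discussed in comments 1 and 2 (keep the session off plain HTTP, but remember that the user logged in and send them to https) can be sketched as below. This is an added example, not the code from the Gerrit change linked above or from MediaWiki; the cookie names, the `X-User` header and both functions are hypothetical.

```python
from __future__ import annotations

from http.cookies import SimpleCookie

SESSION_COOKIE = "session"     # hypothetical name: carries the auth token
HINT_COOKIE = "prefer_https"   # hypothetical name: carries no secret


def login_set_cookie_headers(session_token: str) -> list[str]:
    """Set-Cookie values to send from the HTTPS login response."""
    jar = SimpleCookie()
    # The token is only ever sent over TLS and is hidden from page scripts.
    jar[SESSION_COOKIE] = session_token
    jar[SESSION_COOKIE]["secure"] = True
    jar[SESSION_COOKIE]["httponly"] = True
    jar[SESSION_COOKIE]["path"] = "/"
    # The hint is deliberately not Secure, so plain-HTTP requests carry it.
    jar[HINT_COOKIE] = "1"
    jar[HINT_COOKIE]["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]


def handle_request(scheme: str, host: str, path: str,
                   cookie_header: str) -> tuple[int, dict]:
    """Return (status, headers) for a request with the given Cookie header."""
    cookies = SimpleCookie()
    cookies.load(cookie_header)
    if scheme == "http":
        # Never authenticate over plain HTTP, even if a session value shows up.
        if HINT_COOKIE in cookies:
            return 302, {"Location": f"https://{host}{path}"}
        return 200, {"X-User": "anonymous"}
    # Simplification: a real handler validates the token against a session store.
    user = "logged-in" if SESSION_COOKIE in cookies else "anonymous"
    return 200, {"X-User": user}
```

The hint cookie grants nothing by itself, so forging it only causes a redirect to https. An on-path attacker can still strip it from a plain-HTTP request, which is why HSTS remains the stronger control.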
