On Thu, Sep 1, 2011 at 12:56 AM, Brion Vibber <brion(a)pobox.com> wrote:
Note that this should get fixed once all the sites are
running on https,
since we can bump all the cookie-setters onto the current protocol. In the
meantime, do consider
https://commons.wikimedia.org/ to be very
experimental!
Depending on where these URLs come from exactly (I forget how
CentralAuth obtains them), we could make them use https or be
protocol-relative now. That would break this feature temporarily, but
in a good way: it would only log you in on other wikis that support
https, and wouldn't log yuo in insecurely (or at all) on those that
don't.
Roan