If it was six months ago, I would suggest we hand over a unique random cookie with the
redirect and verify on the HTTPS side that the cookie showed up, to make sure that it
worked.
And then only keep a success/fail log for IP block, perhaps, no user data. That would
seem privacy neutral.
Too late now to do that, though.
Sent from Kangphone
On Aug 20, 2013, at 10:24 PM, Greg Grossmeier <greg(a)wikimedia.org> wrote:
<quote name="George William Herbert"
date="2013-08-20" time="22:09:41 -0700">
Is there any chance that monitoring could track
success of login if someone is redirected from HTTP to HTTPS? The redirects should be
easy to spot.
I don't know, honestly. The log we were working from initially doesn't
have that data in it (we don't track our users, remember? ;)), but I'll
look more closely tomorrow.
Greg
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l