At Wed, 25 Oct 2006 19:58:10 +0100 "Gary Kirk" gary.kirk@gmail.com wrote:
That kind of defeats the point of using HTTPS, no?
Not at all. https ensures that only the trusted group can be using the wiki. This is why we trust them to stay logged in to the wiki. The whole point would be moot if apache would inform MW as to my user and group from the https login, so I would never have to do 2 logins: one for https and another for mediawiki. This is the problem I would really like to see solved. But in the meantime my workaround question stands. (And "remember me" doesn't log me in; it just rememebers my name in the login screen.)
Dave
On 10/25/06, Dave Yost ListMail@yost.com wrote:
We used MediaWiki via https among a trusted set of people.
How can we make MediaWiki allow users to stay logged in? In other words, how can we make it so their cookie is all they need so that they are already logged in the next time they go to the site after having quit the browser?
Not at all. https ensures that only the trusted group can be using
the
wiki. This is why we trust them to stay logged in to the wiki. The
whole
point would be moot if apache would inform MW as to my user and group
from
the https login, so I would never have to do 2 logins: one for https
and
another for mediawiki. This is the problem I would really like to see solved. But in the meantime my workaround question stands. (And "remember me" doesn't log me in; it just rememebers my name in the
login
screen.)
When you say https, do you mean web server authentication? Using https does nothing other than ensure that the traffic in between you and the server is encrypted (it does NOT perform authentication). If you mean web server authentication, please specify, because I believe this is causing quite a bit of confusion.
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org