On Sun, Feb 13, 2011 at 8:48 PM, Aryeh Gregor Simetrical+wikilist@gmail.com wrote:
On Sun, Feb 13, 2011 at 10:23 AM, Maury Markowitz maury.markowitz@gmail.com wrote:
Are there _no_ performance issues we should be concerned about here?
SSL adds an extra round-trip or two to each connection, and adds some server-side load. Currently we have much bigger client-side performance issues than this -- Resource Loader is a first stab at fixing some of the worst of those -- so I don't think we need to worry too much about it for now.
I think most users use secure.wikimedia.org when they are behind an untrusted connection, and don't want to reveal their password, their username or articles they are reading/editing. I once tried changing my default Wikipedia site to secure, but there were more perormance issues both client and server side than unencrypted, so I changed back. However, I would still prefer to send my login details over SSL whenever I need to relogin.
Currently, if you login on secure you are not logged-in on the unencrypted site, even if I allow setting third party cookies in the browser settings. I assume the login session is common to both unencrypted and encrypted, so would it be possible to transfer the session from secure.wikimedia.org? This way users could login securely but choose to use the unencrypted site for the normal tasks.