On Thu, Sep 1, 2011 at 12:56 AM, Brion Vibber brion@pobox.com wrote:
Note that this should get fixed once all the sites are running on https, since we can bump all the cookie-setters onto the current protocol. In the meantime, do consider https://commons.wikimedia.org/ to be very experimental!
Depending on where these URLs come from exactly (I forget how CentralAuth obtains them), we could make them use https or be protocol-relative now. That would break this feature temporarily, but in a good way: it would only log you in on other wikis that support https, and wouldn't log yuo in insecurely (or at all) on those that don't.
Roan