On Tue, Mar 19, 2013 at 11:58 AM, Jonathan Mayer jmayer@stanford.edu wrote:
I didn't mind the UX, but I could imagine some user annoyance. Here's an easy fix for Safari, Firefox 22+, and any browser with third-party cookies entirely disabled:
- On login/logout, test whether third-party cookies are disabled. (For example, try to set/read/clear a cookie on wikitestthirdpartycookies.org.)
- If a browser has third-party cookies disabled, do a series of first-party redirects to set or clear wiki* site cookies. (Google does something similar for google.com/youtube.com.)
This would add potentially dozens of redirects on first visit by an anonymous user, which is probably not a good user experience. :(
While on the topic of wiki* logins, do y'all have any plans to implement HTTPS for password submission? My lab surveyed implementations on top websites not long ago and found that Wikipedia is one of very few to still use plaintext for credentials.
HTTPS is already available, but it's not yet forced. The ops guys are being conservative about making sure we can handle the traffic, but it's on the way. :)
-- brion