On Tue, Mar 19, 2013 at 11:58 AM, Jonathan Mayer <jmayer(a)stanford.edu> wrote:
I didn't mind the UX, but I could imagine some
user annoyance. Here's an easy fix for Safari, Firefox 22+, and any browser with
third-party cookies entirely disabled:
1) On login/logout, test whether third-party cookies are disabled. (For example, try to
set/read/clear a cookie on
wikitestthirdpartycookies.org.)
2) If a browser has third-party cookies disabled, do a series of first-party redirects to
set or clear wiki* site cookies. (Google does something similar for
google.com/youtube.com.)
This would add potentially dozens of redirects on first visit by an
anonymous user, which is probably not a good user experience. :(
While on the topic of wiki* logins, do y'all have
any plans to implement HTTPS for password submission? My lab surveyed implementations on
top websites not long ago and found that Wikipedia is one of very few to still use
plaintext for credentials.
HTTPS is already available, but it's not yet forced. The ops guys are
being conservative about making sure we can handle the traffic, but
it's on the way. :)
-- brion