On Tue, Aug 20, 2013 at 11:31 AM, Chad innocentkiller@gmail.com wrote:
- If you login from an http (non secure) login page such as zhWiki or
faWiki you will be able to remain logged in while going to a non secure wiki page (http://en.wikipedia.org ) and not be forced to https (unless you selected that in your preference).
Preferences are local, so unless the local preference has been set to false, you would end up on HTTPS.
On a side note: I assume the preference is wiki based rather then global?
Correct.
I'm beginning to think there's a disconnect between what we coded and what people expect. The preference is *on* by default which I think is what's going to cause problems. We can change defaults before tomorrow so I think we should all be clear.
-Chad _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Thanks Chad, that's a lot of help.
Yeah, this seems to contradict what I thought Ryan was saying above and what I was under the impression for. The bad use case for here (as describe by Risker for example) is a mainland china user from zhWiki logging in (through http) but now not being able to visit enWiki logged in at all (because it will force them to https and https is blocked).
I know Ryan used the term 'home wiki' some up in his emails. My interpretation when reading the thread was that it actually meant the wiki you were logging into (which I think is fine) and not the 'home' wiki that is marked in the CentralAuth interface (though I can't figure out where that's actually marked in the database...). If we are using that 'CentralAuth' definition we're going to have a lot of false negatives, a significant amount of people are marked off as their home being enWiki or somewhere else because it was the first place they created an account. We've never really used 'home wiki' to mean anything other then first account.
James
James Alexander Legal and Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur