If it was six months ago, I would suggest we hand over a unique random cookie with the redirect and verify on the HTTPS side that the cookie showed up, to make sure that it worked.
And then only keep a success/fail log for IP block, perhaps, no user data. That would seem privacy neutral.
Too late now to do that, though.
Sent from Kangphone
On Aug 20, 2013, at 10:24 PM, Greg Grossmeier greg@wikimedia.org wrote:
<quote name="George William Herbert" date="2013-08-20" time="22:09:41 -0700"> > Is there any chance that monitoring could track success of login if someone is redirected from HTTP to HTTPS? The redirects should be easy to spot.
I don't know, honestly. The log we were working from initially doesn't have that data in it (we don't track our users, remember? ;)), but I'll look more closely tomorrow.
Greg
-- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D | _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l