[Mediawiki-l] How to let people stay logged in

Rick DeNatale rick.denatale at gmail.com
Thu Oct 26 15:47:43 UTC 2006

On 10/25/06, Gary Kirk <gary.kirk at gmail.com> wrote:
> That kind of defeats the point of using HTTPS, no?

I don't see how.

HTTPS is a transport level protocol which does several things:

1) It encrypts traffic between the client and server
2) It uses a certificate to authenticate the server  so the client
knows who it's talking to.
3) It optionally uses a client-certificate to authenticate the client
machine to the server.

#3 is not often used.

Persistent cookies don't defeat https, since they are part of the
protocol at the application level.

Rick DeNatale

My blog on Ruby

IPMS/USA Region 12 Coordinator

Visit the Project Mercury Wiki Site

More information about the MediaWiki-l mailing list