[Mediawiki-l] $wgDisableCookieCheck
Tim Miller
tim at lashni.net
Fri Sep 18 04:16:16 UTC 2009
I'm currently trialling the SecurePages extension (formerly httpsLogin)
to force a https connection for Special:Userlogin and then redirect to
http for normal usage of the wiki. By default the extension sets
$wgCookieSecure to false since MediaWiki obviously can't read cookies
set with the secure flag when not using an encrypted connection.
I'm curious whether anyone has any input on the security implications of
using $wgDisableCookieCheck instead of disabling $wgCookieSecure.
Thanks,
Tim.
More information about the MediaWiki-l
mailing list