On Wed, May 15, 2013 at 7:58 PM, Josh Berkus <josh@agliodbs.com> wrote:
> On 05/15/2013 10:55 AM, Josh Berkus wrote:
>> WWW,
>>
>> First off, whatever tuning you did didn't work. I'm still getting
>> logged out, after considerably less than 6 hours. I'd say about 20min,
>> in fact.
>
> Wait, no. That's not the issue. The real issue is somewhat stranger.
>
> 1. log into wiki.postgresql.org.
>
> 2. in a new browser tab/window, follow this link:
>
> http://wiki.postgresql.org/wiki/PgCon_2013_Developer_Meeting
>
> ... you will find yourself not logged in on that tab, even though you
> are on another tab.
>
> 3. now click this link:
>
> https://wiki.postgresql.org/wiki/PgCon_2013_Developer_Meeting
>
> ... now you're logged in. WTF? Apparently login state is only detected
> for HTTPS links?
Yes, the login cookie is set to be sent only over https, for security reasons.
For our other websites, this will be automatically detected and you
get redirected to https (try going to your account page on the main
website with http for example), but at last I don't know of a way to
do that in mediawiki.
Should be easy enough to see - check your mediawiki cookies, and
you'll see they are enabled for https only.
--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
