Re: Can we change auto-logout timing on wiki.postgresql.org? - Mailing list pgsql-www

From Magnus Hagander
Subject Re: Can we change auto-logout timing on wiki.postgresql.org?
Date
Msg-id CABUevEwGM-uyOdUnb5eZ3DB5MkHy=0HSA2jshME_6J7ZnptrXw@mail.gmail.com
Whole thread Raw
In response to Re: Can we change auto-logout timing on wiki.postgresql.org?  (Josh Berkus <josh@agliodbs.com>)
Responses Re: Can we change auto-logout timing on wiki.postgresql.org?
List pgsql-www
On Wed, May 15, 2013 at 7:58 PM, Josh Berkus <josh@agliodbs.com> wrote:
> On 05/15/2013 10:55 AM, Josh Berkus wrote:
>> WWW,
>>
>> First off, whatever tuning you did didn't work.  I'm still getting
>> logged out, after considerably less than 6 hours.  I'd say about 20min,
>> in fact.
>
> Wait, no.  That's not the issue.  The real issue is somewhat stranger.
>
> 1. log into wiki.postgresql.org.
>
> 2. in a new browser tab/window, follow this link:
>
> http://wiki.postgresql.org/wiki/PgCon_2013_Developer_Meeting
>
> ... you will find yourself not logged in on that tab, even though you
> are on another tab.
>
> 3. now click this link:
>
> https://wiki.postgresql.org/wiki/PgCon_2013_Developer_Meeting
>
> ... now you're logged in. WTF? Apparently login state is only detected
> for HTTPS links?

Yes, the login cookie is set to be sent only over https, for security reasons.

For our other websites, this will be automatically detected and you
get redirected to https (try going to your account page on the main
website with http for example), but at last I don't know of a way to
do that in mediawiki.

Should be easy enough to see - check your mediawiki cookies, and
you'll see they are enabled for https only.

--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/



pgsql-www by date:

Previous
From: Josh Berkus
Date:
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
Next
From: Paul Waring
Date:
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?