Last modified: 2013-10-18 17:43:30 UTC
Forced secure connection...again...[edit] Even though the "always use a secure connection" box is unchecked, I'm being redirected to https:// no matter what I do on each and every page. This is becoming bothersome. - The Bushranger One ping only 22:43, 25 September 2013 (UTC) Which browser are you using? If Firefox, try zapping all the forceHTTPS cookies, as suggested a few weeks back. --Redrose64 (talk) 23:09, 25 September 2013 (UTC) I'm using FF22. I tried that - but there was no forceHTTPS cookie after I logged out per the directions there. There was one that existed while I was logged in, and I deleted it while logged in - and was then able to navigate using http://...however, as soon as I signed out and back in again, I was right back stuck on https://. This is a Wikipedia issue, not a my-browser isssue, as it's force-feeding me the forceHTTPS cookie every time I log in, even though it was just fine on http:// this morning. - The Bushranger One ping only 23:25, 25 September 2013 (UTC) I tried deleting and had similar problems - it's also force feeding me that cookie every time I log in. Why do the technical people have meddle so... and not tell us. Dpmuk (talk) 06:07, 26 September 2013 (UTC)
I wonder if this is covered by anomie's https://gerrit.wikimedia.org/r/#/c/85776/ . Or not. For the records: https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&oldid=574592983#Forced_secure_connection...again... https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&oldid=574592983#http_login_issue
Change 86101 had a related patch set uploaded by Anomie: Explicitly clear forceHTTPS cookie when insecure https://gerrit.wikimedia.org/r/86101
Change 86101 merged by jenkins-bot: Explicitly clear forceHTTPS cookie when insecure https://gerrit.wikimedia.org/r/86101
Marking this fixed, since the patch is merged. It looks like this just missed being included in 1.22wmf19, so it should go out to WMF wikis with 1.22wmf20. See https://www.mediawiki.org/wiki/MediaWiki_1.22/Roadmap for the schedule. Unless, of course, Chris or someone wants to backport it (which would probably happen then on Monday).
*** Bug 55368 has been marked as a duplicate of this bug. ***
Is this in fact in wmf20? I don't see it in the release notes in https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf20
I don't know why it's not on that release notes page, but I just checked on tin and it is included in the version of CentralAuth in /a/common/php-1.22wmf20/extensions/CentralAuth.
Thanks for checking, Brad.
I'm getting forced into using HTTPS again today, so I'm reopening this bug. Not only that, but clearing the cookies doesn't help. If do that, then I get the popup message: Central login You are centrally logged in as XXXXXXX. Reload the page to apply your user settings. And 15 different new HTTPS cookies added: commons, incubator, login, mediawiki, meta, species, wikibooks, wikidata, wikinews, wikipedia, wikiquote, wikisource, wikiversity, wikivoyage, and wiktionary. I am using Firefox 24.0.
Just realized something. One of the cookies was "wikipedia.org". If I remember correctly, then before there were separate cookies for en.wikipedia.org, fr.wikipedia.org, etc. Did someone do an optimization to use only one cookie per domain and then forget to give us the ability to opt out since there are no preferences users can set on "wikipedia.org", just on the individual sites?
Okay, just tried one more thing. Clearing the cookies, logging out, and logging back in. That worked. But still, I should not have ever gotten into the state I was in of it forcing me into HTTPS, so something is still wonky, even if intermittently so.
If you can reproduce this now that you've logged out and logged back in, please file a new bug with specific instructions on reproducing.
Confirmed fixed in a Chrome private browser session with HTTPS disabled.
I have managed to reproduce it and this time noticed the trigger. Using Google Translate on a Wikipedia page. I have filed a new bug, Bug 55887.
