Page MenuHomePhabricator
Create Task
Maniphest T34144

When user is logging out via HTTPS, insecure HTTP cookies keeping logged in state should be cleared as well
Closed, ResolvedPublic
Actions

Description

Or if the user was logged in via http and is logging out via https, the logged-in state in http will be kept.

Version: wmf-deployment
Severity: normal

Details

Reference
bz32144

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:07 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz32144.
bzimport added a subscriber: Unknown Object (MLST).
liangent created this task.Nov 2 2011, 2:20 PM
Aklapper added a comment.Jan 29 2013, 6:01 PM

Confirming: When I log in via HTTP and log out via HTTPS, I'm still logged in via HTTP. Tested with Opera 12.02 (removed any cookies before) on cs.wikipedia.org.

Wondering if bug 20643 would bring any changes. Probably not.

Bawolff added a comment.Feb 6 2013, 4:28 PM

(In reply to comment #1)

Wondering if bug 20643 would bring any changes. Probably not.

That bug is long fixed for all but a few special cases...

When you log out, wouldn't you want all your sessions to be logged out (even for other sessions for other computers)?

Mdann52 closed this task as Invalid.Aug 13 2015, 1:22 PM
Mdann52 claimed this task.
Mdann52 subscribed.

Invalid with move to HTTPS only

Dinoguy1000 reopened this task as Open.Aug 14 2015, 10:01 AM
Dinoguy1000 subscribed.

Reopening per T41676#1534951

Mdann52 removed Mdann52 as the assignee of this task.Sep 10 2015, 9:13 AM
Dzahn moved this task from Backlog to Cookies on the HTTPS board.Dec 3 2015, 10:26 PM
Aklapper added a project: Traffic.Feb 23 2016, 6:13 PM
Restricted Application added a project: SRE. · View Herald TranscriptFeb 23 2016, 6:13 PM
BBlack closed this task as Resolved.May 31 2016, 9:49 PM
BBlack claimed this task.
BBlack subscribed.

Assuming this is no longer an issue, since login via HTTP is impossible.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL