This might be OK, but I thought I'd report it because it seems strange to me:
- login on http://test2.wikipedia.org with a global account, get the redirect to central server and end up on the https URL https:/test2.wikipedia.org
- explicitly open an http page requiring login, like http://test2.wikipedia.org/wiki/Special:UploadWizard by pasting into the address bar
- User gets a message "Not logged in"
- click "Log in"
- on login page, click "Log in" without filling in password. User name is filled in automatically.
- Login succeeds without password being entered
- Note: sometimes upon doing this I briefly see a "Password field was empty" or "Cookies required" error message before the login succeeds.
- explicitly open the http page again, http://test2.wikipedia.org/wiki/Special:UploadWizard
- This time the user is sent to the page correctly without incident
Unexpected behavior:
- Login succeeds from login page without a password required
- Login sometimes reports a missing-password or cookies error before succeeding
- Pasting an http: URL fails after first login but succeeds after second password-less login.
Version: unspecified
Severity: normal