1 Following up on [[login_problem]], there's still some problems mixing https
2 and http logins on sites that allow both and don't redirect http to https.
4 If the user logs in on https first, their cookie is https-only. If they
5 then open the http site and do something that needs them logged in, it will
6 try to log them in again. But, the https-only cookie is apparently not
7 replaced by the http login cookie. The login will "succeed", but the cookie
8 is inaccessible over https and so they'll not be really logged in.
10 I think that the only fix for this is make the login page redirect from
11 http to https, and for it to return to the https version of the page that
12 prompted the login. --[[Joey]]