Manual:$wgSecureLogin
Authentication: $wgSecureLogin | |
---|---|
Whether to let user authenticate using https when they come from http. |
|
Introduced in version: | 1.17.0 (r75585) |
Removed in version: | Still in use |
Allowed values: | (boolean) |
Default value: | false |
Other settings: Alphabetical | By function |
Details
editIf true, forces users to authenticate using https when they come from http, but only if you use a protocol-relative URL in $wgServer
(otherwise this setting is ignored).
Note also that under certain circumstances, when serving http and https in parallel on a web server, specifying http within a browser's location and adding the fromhttp=1
query parameter, the login page will be downgraded from https to http, even when $wgSecureLogin
is set to true.
A link will then display above the username field allowing a user to choose the secure login option.
From 1.22 on, use $wgDefaultUserOptions
to set prefershttps
false by default if you want HTTP users to stay on HTTP after login by default.
Based on an idea by George Herbert on wikitech-l: mailarchive:wikitech-l/2010-October/050071.html.
You will need to set $wgServer as following.
MediaWiki version: | ≥ 1.17 |
$wgServer = "//replacethisexample.com";
$wgSecureLogin = true;