When $wgSecureLogin is set to true users are not redirected back to HTTP despite the below
“The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is enabled has been removed. Instead, whether the user stays in HTTPS will be determined based on the user's preferences, and whether they came from HTTPS or not.”