Accessing LDS.org via HTTP signs you out in most cases

Discuss ideas and suggestions around the LDS.org website.
User avatar
aebrown
Community Administrator
Posts: 14692
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Accessing LDS.org via HTTP signs you out in most cases

Postby aebrown » Tue Nov 27, 2012 4:47 pm

When you are signed in to LDS.org, you will be using HTTPS. As long any subsequent links you access use HTTPS, you will continue to be signed in. However, if you access most pages on LDS.org using HTTP, you will immediately be signed out.

For example, you can visit any of these links and you will be signed out:

This is a problem that I bump into frequently. For example, I might be signed in to LDS.org and working on the Newsletter. I find I need to do some research, so I open up a new tab in my browser and start doing some searches. In the course of my searching, I may come across a blog post where someone links to the Temples page on LDS.org. I follow that link, and the innocent act of doing so means that when I return to my Newsletter tab, I will be signed out. If I was foolish enough to be in the middle of creating or editing an article when I switched tabs, my edits will be lost. But even if I don't lose work, I have to sign in again, which is a pain.

However, some pages you can visit using HTTP and as soon as you go back to a page using HTTPS, you will find out that you are still signed in. For example:

  • http://www.lds.org/general-conference
  • (actually, the General Conference page and all pages under it are the only examples of this behavior that I could find in my admittedly cursory search)
This sign out problem will happen for some links that redirects you to a page on LDS.org, even if you use HTTPS. For example, any of the following links will take you to the appropriate page on LDS.org using HTTP, and thus sign you out from LDS.org:

And yet there are some HTTP links that redirect you to content on LDS.org, where following such links won't sign you out. Here are some examples:

What are my conclusions from all this?

  • It's far too easy to get signed out from LDS.org by accidentally visiting a page on LDS.org using HTTP. Since many pages manage to preserve your session even if you happen to use HTTP, all pages should do this.
  • LDS.org is not at all consistent in how it handles URLS that redirect to a page on LDS.org. In my opinion, using a redirect should not end your session.
I originally noticed some aspects of this behavior in the thread Following links to LDS.org signs you out, but I think it deserves a new thread.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

Return to “LDS.org Website”

Who is online

Users browsing this forum: No registered users and 1 guest