I'm providing additional information below to make it easier to replicate the error when testing. I updated Torbrowser yesterday to version 11.5, which now includes a HTTPS check. This is how I began observing the issue.
Steps to replicate:
Install latest Torbrowser - current (11.5 (based on Mozilla Firefox 91.11.0esr) (64-bit))
navigate to conspiracies.win, patriots.win, or another affiliated .win domain
click login, redirected to login page
enter login credentials.
click the 'sign in' button
On first login attempt Torbrowser will return the error and refreshes to
If you click the login button again a second time, the cookie recognizes an active session, but you are not actually fully logged in, returns an error and refreshes to
If attempting to login from https://scored.co/c/Conspiracies/ or https://scored.co/c/TheDonald/ you are not redirected to a login page --> a pop-up window appears. input login credentials, click "login', and you successfully login without any HTTPS error warnings.
So the deprecated domain is redirecting to the new server to pass a login token- that's my impression of what you just described. I think this might be expected if the authenticating server has changed addresses (ie. the redirect). Can you trace the redirect IP?
Domain: cloudflare.inc
Certificate: valid
? I can't replicate
The HTTPS warning error is still present.
I'm providing additional information below to make it easier to replicate the error when testing. I updated Torbrowser yesterday to version 11.5, which now includes a HTTPS check. This is how I began observing the issue.
Steps to replicate:
Install latest Torbrowser - current (11.5 (based on Mozilla Firefox 91.11.0esr) (64-bit))
navigate to conspiracies.win, patriots.win, or another affiliated .win domain
click login, redirected to login page
enter login credentials.
click the 'sign in' button
On first login attempt Torbrowser will return the error and refreshes to
http://authentication.win/authenticated?com=https://patriots.win/&community=TheDonald
http://authentication.win/authenticated?com=https://conspiracies.win/&community=Conspiracies
If you click the login button again a second time, the cookie recognizes an active session, but you are not actually fully logged in, returns an error and refreshes to
http://authentication.win/session?site=TheDonald&return=https://patriots.win/
http://authentication.win/session?site=Conspiracies&return=https://conspiracies.win/
...
Workaround (no warning/ error)
If attempting to login from https://scored.co/c/Conspiracies/ or https://scored.co/c/TheDonald/ you are not redirected to a login page --> a pop-up window appears. input login credentials, click "login', and you successfully login without any HTTPS error warnings.
So the deprecated domain is redirecting to the new server to pass a login token- that's my impression of what you just described. I think this might be expected if the authenticating server has changed addresses (ie. the redirect). Can you trace the redirect IP?