[Catalyst] Remember Me?

Carl Franks fireartist at gmail.com
Tue Dec 11 15:53:52 GMT 2007


On 11/12/2007, Bill Moseley <moseley at hank.org> wrote:

> What does "logout" do with respect to the "remember me" state?  Should
> it remove just that machine's "remember me" cookie (and server-side
> token) or all of the user's state (as when they used multiple
> browsers/machines to log in)?

I would get quite annoyed with a website that expired my other
browsers' cookies when I clicked 'logout', unless it's a very
"high-value" site that expects you to not be logged in simultaneously
from multiple machines.

I'd forgotten that Amazon doesn't even provide a "logout" link - the
closest thing is:
    (If you're not Carl Franks, click here.)
Clicking that doesn't affect my sessions on other machines / browsers.

> I log in to many places where the data isn't very important so have
> become used to letting the browser remember my credentials.  So, that
> extra step of clicking the login button doesn't feel inconvenient.
> Others are probably more used to a "remember me" feature.  I prefer to
> keep manage my own credential store, but I suppose it depends where you
> consider the greater threat -- hijacking in route cookies vs. physical
> access to the computer.

I don't want the inconvenience of using Firefox's master password
feature, yet without that I know that any passwords it remembers can
be viewed in plaintext through Firefox's preferences panel.

I don't mind someone getting access to use.perl while it's logged in
as me - but I would certainly mind them getting access to the
password, as it's one I use for several low-risk community sites.

If a site didn't provide a 'remember me' feature, yet I got a better
experience or better content while logged in, I'd probably just visit
it less often.

How far do you want to go to provide user-choice? What will you lose
if X percent of people visit the site less often?

Cheers,
Carl
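
The per-browser logout behaviour discussed in this thread, sketched as an added example that is not part of the original message or of Catalyst. The class and method names are hypothetical, and an in-memory dict stands in for the server-side token table.

```python
import hashlib
import hmac
import secrets


class RememberMeStore:
    """Server-side 'remember me' tokens, one per browser/machine (constructed example)."""

    def __init__(self):
        # selector -> (user, sha256 of the secret half); the raw secret is never stored
        self._tokens = {}

    def issue(self, user):
        """Create a token for one browser; the return value is the cookie value."""
        selector = secrets.token_hex(8)
        secret = secrets.token_hex(32)
        self._tokens[selector] = (user, hashlib.sha256(secret.encode()).digest())
        return f"{selector}:{secret}"

    def authenticate(self, cookie):
        """Return the user name for a valid cookie, else None."""
        selector, _, secret = cookie.partition(":")
        entry = self._tokens.get(selector)
        if entry is None:
            return None
        user, stored = entry
        presented = hashlib.sha256(secret.encode()).digest()
        return user if hmac.compare_digest(stored, presented) else None

    def logout(self, cookie):
        """Per-browser logout: revoke only the token this browser presented."""
        if self.authenticate(cookie) is None:
            return False
        del self._tokens[cookie.partition(":")[0]]
        return True

    def logout_everywhere(self, user):
        """'High-value site' policy: revoke every token the user holds."""
        doomed = [s for s, (u, _) in self._tokens.items() if u == user]
        for selector in doomed:
            del self._tokens[selector]
        return len(doomed)


def demo():
    store = RememberMeStore()
    laptop, phone = store.issue("carl"), store.issue("carl")
    store.logout(laptop)  # the laptop's cookie dies, the phone's survives
    return store.authenticate(laptop), store.authenticate(phone)
```
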


