On 11/12/2007, Bill Moseley <[EMAIL PROTECTED]> wrote: > What's the current thinking about those "remember me" checkboxes on > login forms that basically allow users to return to the site and > automatically log in?
I think first, you have to make a judgement about the value of the data / functionality you're offering. I really like the amazon model, but it's not going to be suitable for every application. With amazon, when you login it implicitly does a "remember me", so that if you close the browser, and come back later, it knows who you are and you can add / remove things from your basket. However, if you want to do anything more than manage your basket, it switches to SSL and requires your username / password. I'm not sure if at this stage, it uses a session cookie, or just a short-term cookie. Overall, this works very well. I'm not bothered if someone comes along after me and can see what's in my basket. If I were on a public machine, I know to logout manually. I do value being given the choice, when it's appropriate that I can decide for myself. I would never expect my bank's website to offer a 'remember me', and I would never allow my browser to remember the credentials for me. On my laptop at home, I use gmail's and use.perl's 'remember me', because I hit them both so often. For everything else, I let the browser remember the credentials for me. On my work machine, I only use use.perl's 'remember me' because it's very 'low value' , and only let the browser remember the credentials for work-related websites. I suppose my summary would be: if it's not high value data, provide a 'remember me'. If the content / functionality changes much depending on if you're logged in, provide a 'remember me'. Give the user the choice to work the way they want to work. ...just my 2 cents Carl _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
