Would it make sense to have three levels of "logged-in-ness", like:
1. unknown user (first visit or has cookies off)
2. known user, but not logged in or doesn't have account yet
3. logged in user (allow access to secret info)
At level 2 we think we know who they are, but don't trust them yet. Levels
1 and 3 are what FreeTrade does now.
The cool thing about this (that isn't possible with the current FreeTrade)
is that we can have site preferences (like frames/noframes) and shopping
carts that persist across visits to the site, even if the user hasn't logged
in or created an account yet. This is like Amazon and most other big
ecommerce sites.
I could see doing this by changing the session managment slightly to give
the user a *permanent* session_id cookie, that just gets time refreshed on
the *server* side (so there will still be a X-minute timeout, in case
someone logs in and walks away).
Any problems with this?
- Isaac =)
|----------------------------|\ | | | /|----------------------------|
Isaac Reuben | \| | |/ | [EMAIL PROTECTED]
-------------------------
"Maybe she's just pieces of me you've never seen" - Tori Amos
|-------------------------------------------------------------------|
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Site: http://www.working-dogs.com/freetrade/
Problems?: [EMAIL PROTECTED]
