Gossamer Forum
Quote Reply
cookies
Bug report:

When a user is signing up for a new account, they get asked if they want to use cookies.

Somehow this setting is lost at some point, because when the new users logs in, the authentication is done through cookies, no matter what the user selected when signing up (except when they select "Don't use cookies" on the login page, but that shouldn't be necessary, because they already explicitely stated that they don't want to use cookies).

I am using version 1.0.0

--------------------

Comment:

In my opinion you should take out the "Use cookies" checkbox from the sign-up page. There should be an option for the administrator to select if new users by default authenticate through cookies or not.

Of course, the individual user should be able to select themselves if they want to use cookies or not, and they can do that by selecting the appropriate thing on the login screen.

The user can of course set their personal preference on the login page and in their profile.


Ivan
-----
Iyengar Yoga Resources / GT Plugins
Quote Reply
Re: [yogi] cookies In reply to
In Reply To:
Somehow this setting is lost at some point, because when the new users logs in, the authentication is done through cookies, no matter what the user selected when signing up (except when they select "Don't use cookies" on the login page, but that shouldn't be necessary, because they already explicitely stated that they don't want to use cookies).

Ah yes, this is indeed a bug. It happened some time ago when we changed the default value of using cookies from no to yes. I've fixed that up.

In Reply To:
In my opinion you should take out the "Use cookies" checkbox from the sign-up page. There should be an option for the administrator to select if new users by default authenticate through cookies or not.

The admin can change the login screen however they like. If you want to take off the "Use cookies" option, just change the checkbox into a hidden field with a value of 1 - that would make cookies on by default - or leave it off, which would make cookies off by default (fixed in 1.0.1).

In Reply To:
Of course, the individual user should be able to select themselves if they want to use cookies or not, and they can do that by selecting the appropriate thing on the login screen.

In retrospect, it does seem to be somewhat pointless to choose whether or not to use cookies, then have to choose again each time you log in. However, I think there's still something to be said for just being able to type your username/password, then hitting enter. It's one less click - I'm not sure whether or not it is worthwhile.

In Reply To:
The user can of course set their personal preference on the login page and in their profile.

One alternative would be to take it out of the user settings. This way, you don't have it in the signup page, but still have the checkbox on the login page. It would also come out of the profile. Basically, every time you log in would be with cookies unless you click the "Don't Use Cookies" box.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Quote Reply
Re: [jagerman] cookies In reply to
In Reply To:
One alternative would be to take it out of the user settings. This way, you don't have it in the signup page, but still have the checkbox on the login page. It would also come out of the profile. Basically, every time you log in would be with cookies unless you click the "Don't Use Cookies" box.
I like that suggestion. Like this you can choose as an administrator what your preference is (by putting the appropriate value in the template), and the user can also do what they like every time they log in. And the signing up is less complicated as well.


Ivan
-----
Iyengar Yoga Resources / GT Plugins
Quote Reply
Re: [yogi] cookies In reply to
It would involve taking it out completely - the administrator wouldn't control the default. Basically, a user would always be logging in with cookies unless they checked the "Don't use cookies" box. Of course, the administrator could default the box to checked, or even make it a hidden tag (or take it out) to force always using cookies or not using cookies, but it wouldn't be recommended.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com