[pmwiki-users] Proposed change to password memorization

Sven Opitz VGer at gmx.info
Thu Feb 24 15:44:38 CST 2005


Hi Patrick R. Michaud,

On Thu, 24 Feb 2005 15:41:18 -0600

"Patrick R. Michaud" <pmichaud at pobox.com> wrote:

> On Thu, Feb 24, 2005 at 08:23:52PM +0100, Sven Opitz wrote:
> > "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> > > My proposal is to have the session's passwords automatically
> > > forgotten whenever the "change attributes" form is used.
> > 
> >   I think, that would be too much. [...]
> >   But I _see_ now, if I am logged in.
> 
> Unless one is using user-based authorization, there's no concept
> of "being logged in" -- there's only the set of passwords that
> have been entered thus far.  I suppose one could say that if
> any password has been entered then the author has "logged in",
> but it still doesn't help them to understand why they aren't
> being prompted for a password when they set one on a page.

  Well it depends on the visual change of the page. I agree, a "You have
  entered the edit password" at the bottom of the page is as good as
  doing nothing, but a red block at the top of the page, that only
  appears when logged in, and that gives you your password status should
  be enough for anyone? It could be done with markup and css, so anyone
  can decide how much it has to be "in your face", and to fit it into
  the page. Automatic logoff is just a pain, when you are changing
  several pages and then check them one by one. Especially, as it is
  unintuitive behaviour. The user expects to be logged in, until he logs
  out or has reached a timeout.
  I don't like the idea of "use your status to loose your status", that
  is counter-intuitive.

-- 
Sven Opitz





More information about the pmwiki-users mailing list