[pmwiki-users] Proposed change to password memorization
Sven Opitz
VGer at gmx.info
Thu Feb 24 15:44:38 CST 2005
Hi Patrick R. Michaud,
On Thu, 24 Feb 2005 15:41:18 -0600
"Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> On Thu, Feb 24, 2005 at 08:23:52PM +0100, Sven Opitz wrote:
> > "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> > > My proposal is to have the session's passwords automatically
> > > forgotten whenever the "change attributes" form is used.
> >
> > I think, that would be too much. [...]
> > But I _see_ now, if I am logged in.
>
> Unless one is using user-based authorization, there's no concept
> of "being logged in" -- there's only the set of passwords that
> have been entered thus far. I suppose one could say that if
> any password has been entered then the author has "logged in",
> but it still doesn't help them to understand why they aren't
> being prompted for a password when they set one on a page.
Well it depends on the visual change of the page. I agree, a "You have
entered the edit password" at the bottom of the page is as good as
doing nothing, but a red block at the top of the page, that only
appears when logged in, and that gives you your password status should
be enough for anyone? It could be done with markup and css, so anyone
can decide how much it has to be "in your face", and to fit it into
the page. Automatic logoff is just a pain, when you are changing
several pages and then check them one by one. Especially, as it is
unintuitive behaviour. The user expects to be logged in, until he logs
out or has reached a timeout.
I don't like the idea of "use your status to loose your status", that
is counter-intuitive.
--
Sven Opitz
More information about the pmwiki-users
mailing list