Author: Ken Kittlitz
Date: Sun Jan 25, 2004 08:21 pm
Karl Hallowell
Ken Kittlitz

At 04:08 PM 1/24/2004 -0800, Karl Hallowell wrote:
>I was helping a couple of friends register with FX. We ran across a couple
>of problems that I had forgotten about. First, the only way to log in is to
>know the user ID. If you forget that, then you're out of luck.

True... but you can get your UID remailed to you via the Profile
page. Maybe that has to be made more obvious?

>Second, it's time to use HTML "posts" to submit data to the FX server
>rather than "gets". That's because the get data (which includes
>passwords!) ends up in the URL. A typical session for me is to open my
>account page with password entered. Then when I click on a claim symbol,
>it brings me to the claim page complete with order data. That's the "get"
>that should be a "post".

I guess we can do that, but then all the claim symbol "links" on the
account page would have to be submit buttons, wouldn't they? I think we
avoided this route initially because having all those buttons on the page
looked pretty weird. Maybe nowadays with style sheets etc. the appearance
could be made to be more appealing.

A better solution might be to use cookies for default authentication, but
also check for an explicitly provided uid and password. This would avoid
having passwords in URLs, and probably simplify the UI flow through. I
realize not everyone likes cookies, so we could still recognize explicit
uid and password variables too.
Ken Kittlitz
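
The cookie-first scheme discussed in this message, sketched as an added example that is not part of the original e-mail or FX's actual code. The cookie name `fx_session`, the host `fx.example`, the in-memory stores and the sample account are assumptions made for illustration; the form fields `uid` and `password` follow the variable names mentioned above.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

_SALT = b"constructed-salt"  # constructed; use a per-user random salt in practice


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"1234": _hash("correct horse")}  # constructed sample account
SESSIONS = {}                             # session token -> uid


def authenticate(method, url, headers, body=""):
    """Return (uid, set_cookie_value_or_None); raise PermissionError otherwise."""
    # A password in the query string lands in browser history, server logs
    # and Referer headers, so refuse it instead of quietly accepting it.
    if "password" in parse_qs(urlsplit(url).query):
        raise PermissionError("credentials must not be sent in the URL")

    # 1. Default path: a session cookie issued at an earlier login.
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "fx_session" in cookie:
        uid = SESSIONS.get(cookie["fx_session"].value)
        if uid is not None:
            return uid, None

    # 2. Fallback: explicit uid/password, accepted only in a POST body.
    if method == "POST":
        form = parse_qs(body)
        uid = form.get("uid", [""])[0]
        supplied = _hash(form.get("password", [""])[0])
        # Unknown uids compare against b"" so the hash work is always done.
        if hmac.compare_digest(USERS.get(uid, b""), supplied):
            token = secrets.token_urlsafe(32)
            SESSIONS[token] = uid
            return uid, f"fx_session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"

    raise PermissionError("not authenticated")
```

With the cookie in place, the claim symbols on the account page can stay ordinary links, since the follow-up GET carries no credentials. A client that declines cookies keeps working by posting `uid` and `password` with each request.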


