Ideosphere Forum

Re: fx-devel: couple of comments

Author: Ken Kittlitz
Conversation: fx-devel: couple of comments ( prev | next ) reply!
Topic: fx-devel ( prev | next )
In-Reply-To: someone's post
Date: Sun Jan 25, 2004 08:21 pm
Karl Hallowell
Ken Kittlitz




At 04:08 PM 1/24/2004 -0800, Karl Hallowell wrote:
>I was helping a couple of friends register with FX. We ran across a couple
>of problems that I had forgotten about. First, the only way to login is to
>know the user ID. If you forget that, then you're out of luck.

True... but you can get your UID remailed to you via the Profile
page. Maybe that has to be made more obvious?

>Second, it's time to use HTML "posts" to submit data to the FX server
>rather than "gets". That's because the get data (which includes
>passwords!) ends up in the URL. A typical session for me is to open my
>account page with password entered. Then when I click on a claim symbol,
>it brings me to the claim page complete with order data. That's the "get"
>that should be a "post".

I guess we can do that, but then all the claim symbol "links" on the
account page would have to be submit buttons, wouldn't they? I think we
avoided this route initially because having all those buttons on the page
looked pretty weird. Maybe nowadays with style sheets etc. the appearance
could be made to be more appealing.

A better solution might be to use cookies for default authentication, but
also check for an explicitly provided uid and password. This would avoid
having passwords in URLs, and probably simplify the UI flow through. I
realize not everyone likes cookies, so we could still recognize explicit
uid and password variables too.
---
Ken Kittlitz http://www.javien.com

source



All trademarks, copyrights, and messages on this page are owned by their respective owners.
Forum: Copyright (c) 2000-2001 Javien Inc All rights reserved. Distributed under the GPL