Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Login Choices Not Saved w/Auto Login Not Selected
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Login Choices Not Saved w/Auto Login Not Selected
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
WebWizForumUser View Drop Down
Newbie
Newbie


Joined: 02 September 2008
Location: Virginia, USA
Status: Offline
Points: -17 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWizForumUser Quote  Post ReplyReply Direct Link To This Post Topic: Login Choices Not Saved w/Auto Login Not Selected
    Posted: 22 April 2012 at 3:52pm
When a user logs in and selects "No" in the "Keep me Logged-in on this computer (requires cookies)" the forum software does not remember that choice when that user returns to the forum and logs in again.  The fact that the user does not wish to be automatically logged in used to be retained.   Further, it seems that the forum software could easily retain in the cookie that the user has previously accepted the Forum Rules and Policies, but it does not.  It appears that it is an unintended error that the returning user must again click the No button  for the auto log on choice and an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.
Back to Top
iSec View Drop Down
Senior Member
Senior Member
Avatar

Joined: 13 February 2005
Status: Offline
Points: 1140 		Post Options Post Options   Thanks (0) Thanks(0)   Quote iSec Quote  Post ReplyReply Direct Link To This Post Posted: 22 April 2012 at 7:17pm
Originally posted by WebWizForumUser WebWizForumUser wrote:

...an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.

I wanna comment on the quoted comment above. How would the forum software know that the user who's trying to login again is the same person who logged in previously? It could well be a shared computer used by more than one user. Wouldn't you agree?
"When it gets dark enough, you can see the stars"
-Charles A. Beard
Back to Top
WebWizForumUser View Drop Down
Newbie
Newbie


Joined: 02 September 2008
Location: Virginia, USA
Status: Offline
Points: -17 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWizForumUser Quote  Post ReplyReply Direct Link To This Post Posted: 22 April 2012 at 7:43pm
Originally posted by iSec iSec wrote:

Originally posted by WebWizForumUser WebWizForumUser wrote:

...an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.

I wanna comment on the quoted comment above. How would the forum software know that the user who's trying to login again is the same person who logged in previously? It could well be a shared computer used by more than one user. Wouldn't you agree?
Of course, but that is completely irrelevant.  That circumstance could be exactly the reason that the user chose to NOT have their log on persist.  When you return to the forum and are prompted to log on again, you get the default settings for all the choices again which are Yes for keep me logged on and Yes for add me to the active users and No for acceptance of the forum rules and policies.  At the very least, for someone who last said they did not want to be remembered, they should not have to once again check the No button.  See below to understand why it is okay to leave all the buttons set as the last were for the most recent user of that computer that logged on the forum.

As for your concern that someone else could be using a shared computer, the real security gap is exactly that case where the last user said to remember them and automatically log them on.  This allows the next user to get onto the forum bypassing the log on sequence completely.  There is simply no protection against this issue with the ability to be automatically logged on.  In the case where someone has said in the past that they do not want to be logged on automatically, the new user must know the other person's log on credentials in order for there to be a security risk to the forum!  So, there is no harm in the software's assuming that the last user of the computer is also the next user and leaving the 3 buttons set as that user last left them.  Any new user cannot do anything other than the public can do without having forum credentials.

So, while I agree that the next user of that computer could be a different person, it does not concern me at all and is not a security risk.  Do you agree with what I have said?
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 23 April 2012 at 9:26am
New laws on cookies mean that each time the user logs in they have to accept the rules, which you should update, if you have not already, to include a clause to allow you to set cookies on the user computer.

The new laws on cookies mean that you have to get permission before you can set cookies on the users computer, this is done through the forums rules and policies. The use of cookies also has to be kept to a minimum and if the user does not want auto login then session cookies will be used, so settings like whether they want auto login or not can not be remembered.

The default option to auto login the member when they next return has been the same now for 11 years, without any one bringing this up as an issue. I am sure that if this was changed as so many people are used to it by now that allot of people would not like this turn off by default.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
WebWizForumUser View Drop Down
Newbie
Newbie


Joined: 02 September 2008
Location: Virginia, USA
Status: Offline
Points: -17 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWizForumUser Quote  Post ReplyReply Direct Link To This Post Posted: 23 April 2012 at 2:36pm
Thank you for the explanation.  I had not taken into account the changing legal requirements in Europe and the US.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.