Print Page | Close Window

Login Choices Not Saved w/Auto Login Not Selected

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=30293
Printed Date: 31 March 2026 at 3:07pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Login Choices Not Saved w/Auto Login Not Selected
Posted By: WebWizForumUser
Subject: Login Choices Not Saved w/Auto Login Not Selected
Date Posted: 22 April 2012 at 3:52pm
When a user logs in and selects "No" in the "Keep me Logged-in on this computer (requires cookies)" the forum software does not remember that choice when that user returns to the forum and logs in again.  The fact that the user does not wish to be automatically logged in used to be retained.   Further, it seems that the forum software could easily retain in the cookie that the user has previously accepted the Forum Rules and Policies, but it does not.  It appears that it is an unintended error that the returning user must again click the No button  for the auto log on choice and an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.


Replies:
Posted By: iSec
Date Posted: 22 April 2012 at 7:17pm
Originally posted by WebWizForumUser WebWizForumUser wrote:

...an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.

I wanna comment on the quoted comment above. How would the forum software know that the user who's trying to login again is the same person who logged in previously? It could well be a shared computer used by more than one user. Wouldn't you agree?


-------------
"When it gets dark enough, you can see the stars"
-Charles A. Beard

Posted By: WebWizForumUser
Date Posted: 22 April 2012 at 7:43pm
Originally posted by iSec iSec wrote:

Originally posted by WebWizForumUser WebWizForumUser wrote:

...an unnecessary requirement to always indicate their acceptance of the Forum Rules and Policies even though this acceptance has been indicated in the past each time they have logged on.

I wanna comment on the quoted comment above. How would the forum software know that the user who's trying to login again is the same person who logged in previously? It could well be a shared computer used by more than one user. Wouldn't you agree?
Of course, but that is completely irrelevant.  That circumstance could be exactly the reason that the user chose to NOT have their log on persist.  When you return to the forum and are prompted to log on again, you get the default settings for all the choices again which are Yes for keep me logged on and Yes for add me to the active users and No for acceptance of the forum rules and policies.  At the very least, for someone who last said they did not want to be remembered, they should not have to once again check the No button.  See below to understand why it is okay to leave all the buttons set as the last were for the most recent user of that computer that logged on the forum.

As for your concern that someone else could be using a shared computer, the real security gap is exactly that case where the last user said to remember them and automatically log them on.  This allows the next user to get onto the forum bypassing the log on sequence completely.  There is simply no protection against this issue with the ability to be automatically logged on.  In the case where someone has said in the past that they do not want to be logged on automatically, the new user must know the other person's log on credentials in order for there to be a security risk to the forum!  So, there is no harm in the software's assuming that the last user of the computer is also the next user and leaving the 3 buttons set as that user last left them.  Any new user cannot do anything other than the public can do without having forum credentials.

So, while I agree that the next user of that computer could be a different person, it does not concern me at all and is not a security risk.  Do you agree with what I have said?

Posted By: WebWiz-Bruce
Date Posted: 23 April 2012 at 9:26am
New laws on cookies mean that each time the user logs in they have to accept the rules, which you should update, if you have not already, to include a clause to allow you to set cookies on the user computer.

The new laws on cookies mean that you have to get permission before you can set cookies on the users computer, this is done through the forums rules and policies. The use of cookies also has to be kept to a minimum and if the user does not want auto login then session cookies will be used, so settings like whether they want auto login or not can not be remembered.

The default option to auto login the member when they next return has been the same now for 11 years, without any one bringing this up as an issue. I am sure that if this was changed as so many people are used to it by now that allot of people would not like this turn off by default.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: WebWizForumUser
Date Posted: 23 April 2012 at 2:36pm
Thank you for the explanation.  I had not taken into account the changing legal requirements in Europe and the US.


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net