aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-11-06 13:56:41 -0500
committerJoey Hess <joey@kodama.kitenet.net>2008-11-06 13:56:41 -0500
commit3689d28f3aedf011b957025c280f9c9a9a2a296c (patch)
treea1ee66788cca48eda6d8c4eb31ea09d25d64a9a0 /doc/bugs
parent56fd048210d3606c98f69b72f978fbd06f5520ab (diff)
downloadikiwiki-3689d28f3aedf011b957025c280f9c9a9a2a296c.tar
ikiwiki-3689d28f3aedf011b957025c280f9c9a9a2a296c.tar.gz
response
Diffstat (limited to 'doc/bugs')
-rw-r--r--doc/bugs/login_page_should_note_cookie_requirement.mdwn12
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/bugs/login_page_should_note_cookie_requirement.mdwn b/doc/bugs/login_page_should_note_cookie_requirement.mdwn
index b87928da1..e2d5a352b 100644
--- a/doc/bugs/login_page_should_note_cookie_requirement.mdwn
+++ b/doc/bugs/login_page_should_note_cookie_requirement.mdwn
@@ -1,5 +1,17 @@
At the moment, you go through the login shuffle and then are told that cookies are needed, so you lose all your data and login again. It would be much slicker to note by the edit link, or at least on the login page, that cookies are required.
+> Hmm, it seems to me to be fairly obvious, since the vast majority of
+> websites that have a login require cookies. Such warnings used to be
+> common, but few sites bother with them anymore. --[[Joey]]
+
Even better would be to only display the cookie note as a warning if the login page doesn't receive a session cookie.
+> I considered doing this before, but it would require running the cgi once
+> to attempt to set the cookie and then redirecting to the cgi a second
+> time to check if it took, which is both complicated and probably would
+> look bad.
+
Best of all would be to use URL-based or hidden-field-based session tokens if cookies are not permitted.
+
+> This is not very doable since most of the pages the user browses are
+> static pages in a static location.