Re: Logging out from Facebook

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 26 Sep 2011 20:38:11 +0200
To: John Kemp <john@jkemp.net>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <10g187d9ld458lmlo2egfo1q0kqn07c42g@hive.bjoern.hoehrmann.de>

* John Kemp wrote:
>The problem is that users (whether laymen or IT professionals) expect
>that when they click 'logout' or 'remove my cookies', their 'session'
>state with that site is removed. I certainly have that expectation too.
>After all, a session should be a session. Not some indefinite period of
>time. What is the valid need for 'client state' when the client is not
>working on my behalf at the server (i.e. I am logged in at that site?)

So the state information can be used during the next sign-in. Martin J.
Dürst already noted retaining the user's locale to present the sign-in
page in the user's preferred language. Another use would be logging the
user out more aggressively when the user signs in using an unfamiliar
browser like from an Internet Cafe. Note that you can turn this around
and question setting cookies before the user logs in or does something
else that indicates the user would like state to be maintained (adding
something to a shopping cart for instance). The only difference is that
the data can be associated with the account more easily and accurately.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 26 September 2011 18:38:34 GMT
