W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Logging out from Facebook

From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
Date: Tue, 27 Sep 2011 14:38:59 +0900
Message-ID: <4E816173.50006@it.aoyama.ac.jp>
To: John Kemp <john@jkemp.net>
CC: Bjoern Hoehrmann <derhoermi@gmx.net>, "www-tag@w3.org List" <www-tag@w3.org>
On 2011/09/27 3:53, John Kemp wrote:

> How does the site know who the *user* is, if the user is not logged-in?

Here's another example that I just became aware of, and that most of you 
should be familiar with: Amazon.

I haven't analyzed any details, but if I simply go to Amazon, it's 
saying: "Hello, Martin Duerst ...".

At that point, I haven't actually logged in at all, but I can edit my 
wish list, and can make it public or private, for example. The link that 
says "Not Martin?" has an URI that starts with 
http://www.amazon.com/gp/flex/sign-out.html,
so from an Amazon-internal perspective, it seems they are assuming I'm 
logged in, but I never actually did log in there (I of course log in 
using https: when I actually buy something, and there Amazon is quite 
thorough in logging me out from their side after something like 5 
minutes or so).

That lets me suspect that there may be different needs/degrees for being 
"identified" or "logged in", not just a simple black/white distinction. 
Also, there may be a need for "automatic login" (i.e. without any dialog)


> Yes, I understand that the preferred locale of an unidentified user is important information in presenting a webpage that works for the user. But if the user is not logged-in, the site should only assume that a user who desires locale X is visiting their site.

I agree. If the site is only using the Accept-Language header sent from 
the browser, or only uses a cookie for that purpose and nothing more, 
that should be fine.


Regards,    Martin.
Received on Tuesday, 27 September 2011 05:39:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT