- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 26 Sep 2011 20:38:11 +0200
- To: John Kemp <john@jkemp.net>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>

* John Kemp wrote:
>The problem is that users (whether laymen or IT professionals) expect
>that when they click 'logout' or 'remove my cookies', their 'session'
>state with that site is removed. I certainly have that expectation too.
>After all, a session should be a session. Not some indefinite period of
>time. What is the valid need for 'client state' when the client is not
>working on my behalf at the server (ie. I am logged-in at that site?)

So the state information can be used during the next sign-in. Martin J. Dürst already noted retaining the user's locale to present the sign-in page in the user's preferred language. Another use would be logging the user out more aggressively when the user signs in using an unfamiliar browser like from an Internet Cafe.

Note that you can turn this around and question setting cookies before the user logs in or does something else that indicates the user would like state to be maintained (adding something to a shopping cart for instance). The only difference is that the data can be associated with the account more easily and accurately.

--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Monday, 26 September 2011 18:38:34 UTC