W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Logging out from Facebook

From: John Kemp <john@jkemp.net>
Date: Tue, 27 Sep 2011 09:36:41 -0400
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, "www-tag@w3.org List" <www-tag@w3.org>
Message-Id: <A48B8B59-D5D1-4597-BC4E-B4F1CA7685F1@jkemp.net>
To: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
On Sep 27, 2011, at 1:38 AM, Martin J. Dürst wrote:

> On 2011/09/27 3:53, John Kemp wrote:
>> How does the site know who the *user* is, if the user is not logged-in?
> Here's another example that I just became aware of, and that most of you should be familiar with: Amazon.
> I haven't analyzed any details, but if I simply go to Amazon, it's saying: "Hello, Martin Duerst …"

Yes, that's an interesting example. No-one has yet (AFAIK) complained about this feature. 

> .
> At that point, I haven't actually logged in at all, but I can edit my wish list, and can make it public or private, for example. The link that says "Not Martin?" has an URI that starts with http://www.amazon.com/gp/flex/sign-out.html,
> so from an Amazon-internal perspective, it seems they are assuming I'm logged in, but I never actually did log in there (I of course log in using https: when I actually buy something, and there Amazon is quite thorough in logging me out from their side after something like 5 minutes or so).
> That lets me suspect that there may be different needs/degrees for being "identified" or "logged in", not just a simple black/white distinction.

Agreed. But in most people's minds I believe that there is a fairly black/white distinction.

> Also, there may be a need for "automatic login" (i.e. without any dialog)

What do you mean by "automatic login"?


- John

>> Yes, I understand that the preferred locale of an unidentified user is important information in presenting a webpage that works for the user. But if the user is not logged-in, the site should only assume that a user who desires locale X is visiting their site.
> I agree. If the site is only using the Accept-Language header sent from the browser, or only uses a cookie for that purpose and nothing more, that should be fine.
> Regards,    Martin.
Received on Tuesday, 27 September 2011 13:44:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:40 UTC