Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Comments on Signing in should sign you in on all sites
Parent
Signing in should sign you in on all sites
It looks to me like the session cookie that holds one's user session credentials is currently bound to the specific site.
The result of this is that you need to sign in separately to, say, Scientific Speculation and Codidact Meta.
If that is correct, then if the cookie was set to apply to all subdomains of codidact.com
instead of simply the one the user signs in to, switching between sites wouldn't require signing in separately on each.
Either way, I'd like to not need to sign in separately on each site under codidact.com.
Similarly, signing out should sign you out of all sites, not just the one where you click "sign out".
Post
Spontaneously, I'd yell "I like this feature too!". Until I start to ponder a bit deeper.
Here's the catch: please keep in mind that people may wish to use different accounts for different sites.
For example: someone might want to use their professional public self on the main programming site, but use a private alias on the "for fun" code golf site. Similarly, it is also likely that there are several real persons using the same computer, not necessarily with their own private OS login which would have helped separating web browser cookies.
Setups like above are possible on Stack Exchange, but it was always a pain in the neck to get right, because of cookies keeping track of your log-in. This was a real problem for me there:
- I have my public main account registered to various sites on my work computer.
- At home, I also use the same account on a couple of those sites. As well as a private account registered various other sites for private "hobby stuff".
- When checking one of the sites on the main account from home, I might get a cross-site notification about a post from another site, where I'm not logged in at from the home computer.
- Then when I attempt to login at that site, the dumb thing instead finds my private account in some cookie jar and tries to log in with that one. Effectively blocking me from logging in with my main account to that site on that computer.
- If I log out the private account, I can no longer log in to the sites it was previously logged in at, because then it finds the main account instead. Catch 22 deadlock.
Please, no automatic cross-site logins based on cookies. Or at least give people the option to log in and log out at each site manually.
0 comment threads