denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2010-10-21 02:18 am

RFC: Multiple Account Model

So, one of the things we want to do -- and it's a project that has gotten some developer interest lately -- is make it so that you can associate/link accounts together, so (for instance) you can switch to commenting or posting as your alternate/secondary/fic/RP/whatever journal more easily than logging out and logging back in. We've done some work to spec the problem, but I figured it would be time to toss it out to you guys here and see what other things we've forgotten to think of and what use cases we don't know about yet!

More discussion on the problem can be found at Bug 76. Here are two of the documents that have been written to try to "spec out" the project. Please read them over if you have a chance, and give your feedback.

Draft spec, written by cesy

From one of the manage settings pages, have "manage secondary accounts"

On new manage secondary accounts page, have:
Create a new secondary account - standard flow, but is automatically already connected, and gets created with all the same settings as your primary account
Link an existing account to this one (requires password to the other account)
Unlink one of the secondary accounts from the primary account (has a large and obvious "Are you sure about that?" message)
An option to show/hide links between accounts - can display list of secondary accounts on primary profile, and link to primary profile on secondary profiles
An option to select which account is the primary journal - the primary journal will be default on things like the update page and when commenting

Other pages that will need updating:

Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Edit profile drop-down should list all secondary accounts, as should customize style, manage filters, edit userpics, etc.

Update.bml needs both "post to journal" drop-down (includes all comms and all accounts) and "post as" drop-down (which is disabled if the secondary account can't post to that comm, and defaults to match the journal selected). "Post as" doesn't display unless you have secondary journals.

All comment boxes would need a drop-down to choose who to work as. Ideally this would show normally, not require clicking the "Other"/"More options" button. This should also not display for people who don't have secondary journals.

On options/settings pages, at the bottom, instead of just "Save", have "Save for this journal" and "Save for all journals" (but only if the user has a secondary journal, otherwise leave it as just "Save".)

Other notes:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing.
The pop-up hover menus should behave as usual for the main account, and ignore secondary accounts.

Can secondary accounts have different email addresses?

Creating a secondary account should require an invite code?

Have a careful think about transferring a secondary account from one primary account to another.

Further considerations, written by tyggerjai

Goal: To streamline management of multiple journals and journal features for a single user account. Mostly involving addition of “Manage accounts” interface, but with implications for ban settings, reading pages, and access lists.

[A note on terminology: Part of the current issue is that there is a conflation of a “journal” with an “account”. An “account” represents a human being, but it has become obvious that many DW users want and have multiple journals. This entire project stems from the fact that accounts and journals, while historically identical, are de facto different things. Discussion of which things are “account” based (login, killfiles, subscription, access to someone else's journal) and which things are “journal” based (tags, entries, access to read one of my journals) are probably beyond scope for this bug (although see “Potential problems” at the end). I shall use the term “journal” in this document unless I wish to make a point about the distinction, because at the moment, journal is the paradigm we have to work with.]

Annabel has a Dreamwidth journal – dw_annabel – which she started when she first found Dreamwidth. It has mostly personal updates about her life, but she doesn't talk about her work. Mostly because her mother reads the dw_annabel journal, and rather than maintain access lists, or risk having her mother find out what she actually does for a living, Annabel maintains another journal for her work stories – work_annabel. Recently, Annabel has discovered the joy of writing speculative fiction, so she has started another journal, fic_annabel, for working on a novel. She's co-writing it with her friend Boris, so Boris also has the password for that journal. Annabel is growing increasingly weary of constantly logging in and out to post on various journals, and she would like the following:

1)When she is logged in as “dw_annabel”, which she considers her “primary” account, she'd like to be able to manage all her journals from the management interface. Everything she can do to dw_annabel (style, circle management, privacy management, etc), she wants to do from one central screen as dw_annabel. It'd even be nice if she could choose to apply to things like screenings to all her journals at once, although she'd need to be able to change settings per-journal as well.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

5)Recently, she had someone making unpleasant comments in fic_annabel, and has banned them. She'd like that ban to be applied across all her journals – fic_annabel, dw_annabel and work_annabel. Just in case. But she'd also like to be able to revoke that ban just on fic_annabel, in case it turns out she's banned Boris.

6)When she goes to make a post she definitely needs to be able to choose which journal to post to. When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work. She doesn't want to “log in” as fic_annabel – fic_annabel isn't a person, and she can do everything she needs to do to manage the fic_annabel journal as dw_annabel.

7)She can see a day, possibly soon, when she will grow weary of the fic_annabel story. She'd like to know that when the time comes, she can hand it off to Boris and untangle herself from it.

8)When she does that, she'll probably want to start another journal for her own fiction. She should be able to do that as dw_annabel, give it a new name, and start using it, without ever having to log in, log out, or otherwise manually tell the DW system that she owns it.

That's about all Annabel wants to do, really....

Skillsets: Everything and then some. This is backend, frontend, graphical, UX, business, scalability, and some things I haven't thought of yet.

[Another note on terminology. “Link” is somewhat overloaded here, since it can refer either to a managerial connection between to accounts, or a visible “a href=” on a profile page. I'll reserve “link” for the visible connection, and use “associate” for the higher level managerial connection.]

1)The project MUST provide a method of associating journals, with a single signon to edit and maintain them. Whether we call it “primary/secondary”, or “one account, many journals”, the heart of this project is the ability to log in as dw_annabel and modify fic_annabel and work_annabel. That has two components:

a) Migration of existing journals. It MUST be possible for a user with multiple journals to declare one of them a “primary” journal, and associate other existing journals with it.

b) Creation of future journals. It SHOULD be possible, once this project is implemented, to create journals with automatic association to an existing primary. (NB. This is a should because migration is a must, and if we have that, users can create and then migrate. Realistically, though, it's a “really should”.)

2)The project MUST provide a method for managing linked journals from a single central interface. This interface MUST replicate the current management functionality for each associated journal without requiring log out/log in for that journal account, if the user is logged in with their primary account credentials. This interface SHOULD provide the ability to apply changes to multiple journals at once, but if it does so, it MUST retain the ability to override settings on a per-journal basis.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access. However, if such an interface is present, it MUST be possible to filter that reading page on a per journal basis (i.e., if a user should be able to remove a given journals subscriptions from that central page). The project MUST maintain individual journal reading lists [that's more for backwards compatibility and privacy – I can currently go to work_annabel and see that reading list. It shouldn't suddenly show me dw_annabel's reading list.]

4)The project SHOULD allow a user to declare associations between journals as “Public” or “Private”. For “Public” associations, links SHOULD be shown on the profile pages of associated journals. Whether this is implemented or not, the project MUST NOT allow other users to see evidence of association between journals UNLESS the owner has explicitly declared the association public.

5)The project SHOULD allow a user to implement bans that apply to all associated journals. If implemented, this feature MUST allow a user to then rescind any given ban on any individual journal.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so. That is, if journal annabels_friend has restricted commenting access, and allows comments only from dw_annabel, the interface MUST NOT allow annabel to comment as fic_annabel or work_annabel.

7)The project SHOULD implement a mechanism for removing an associated journal. Once removed, a journal will behave like any other non-associated journal.

8)The project MAY implement the ability to “sub-associate” journals with other users. That is, while ultimate control of the account rests with the creator, they can grant other users the ability to post to the journal, or post as the journal identity, change settings, etc, without giving the other user password access. The other user MUST NOT inherit access to posts that the journal identity has been granted. (i.e., Annabel gives Boris post and edit privs to fic_annabel. Boris's reading list still does not contain items from fic_annabel's subscriptions, nor can he see items to which fic_annabel has been granted. He can, however, post as fic_annabel ). See “Potential problems” :)

Potential Problems: Where do I start? On the bright side, I think most of our problems are social rather than technical.

1)Migrating accounts. I included the shared account with Boris for a reason. Let's say we're as restrictive as possible, and the following is required to migrate an account:

a) You must have access to both email addresses, to reply to “confirm” emails. You must know the password for both accounts.

Ok. But Boris has the password, and the email address for that account is a shared one. So even once Annabel has migrated, Boris can just remigrate it. This is a problem with the existing paradigm – because journals and accounts are the same, passwords are the only control mechanism. There's no way of knowing Annabel created the account. I think that for the moment we put this in the “too hard” basket, and say “Social problem, sort it out yourselves”. We lock it down so you can only migrate an account if you have both passwords, and can respond to emails sent to both accounts. There's really not much else we can do. ( as an aside, this is the classic example of why the “single account, multiple journals” is a better long-term paradigm, but this is almost a de facto implementation of that). After a journal has been migrated, do we have a complaints resolution process for Boris to say “Hey, she stole my journal”? I don't know that we need one – what's our current procedure for people sharing passwords and then one of them changing it to lock someone else out?

2)To be honest, everything else just looks like hard work. We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

3)Oh. Sub-association. That's down the end as a “may” because although it's a huge, huge advantage that the “Association” paradigm has over the password paradigm, it's the biggest can of worms. It's almost a whole other specification on its own. But the main points, I think, are there. Give Boris edit/post access, but restrict privacy inheritance to the original owner. There's one massive thing preventing the implementation of subassociation, though, and that's what happens if Annabel then removes her association with fic_annabel. Does Boris then inherit the access as the new owner? Does dw_annabel keep the access, and if so, with which journal do we associate it? None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “

4)Actually, all of that, again, regardless of subassociation: by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine!”. Which, of course, we're not – journals will still have passwords, and other people may still know them. We could go all the way, and break the map between journals and accounts once and for all, so journals don't have passwords, but that's a much bigger project, I think.

5)Preselecting identities to comment as based on a post's access rules is going to suck. Just saying :)

Anyway. This section should probably be much longer, but I've left it as an Exercise For The Reader, since you know your community better than I do at the moment. I think the biggest problems are social – that associating journals with users sets up an interesting disconnect – if I give tyggerdev access because I've read it and I'm interested in the dev stuff, then if the owner of tyggerdev decides he's sick of coding, but gives the journal to someone else, I don't really care. I had no investment in the person. On the other hand, maybe I did – maybe I gave tyggerdev access to my journal because I know the owner. So then when he gives it away, I'm shattered! I don't know this person! What's going on!? Again, it's no worse than the existing password-sharing shenanigans in terms of actual security, only in terms of perception. And it's only a problem ever if we let people give journals away.

So! What thoughts does this inspire in you?
weaverbird: (OMG Squee)

[personal profile] weaverbird 2010-10-21 07:13 am (UTC)(link)
see icon. *g*

I can't think of anything to add to the points in your post, but I will definitely be daydreaming about it and will come back to add my two cents if I do.
somnolentblue: statue of a woman from the waist up (Default)

[personal profile] somnolentblue 2010-10-21 07:14 am (UTC)(link)
I haven't read this through closely, for I ought to be doing things that are not reading dw, but SO EXCITED!!!!! Especially since the question of sub-association is being looked at (although I could completely see this being excessively complicated and fraught with problems), since I have a some shared admin accounts.

Mostly, I'm doing the flappy hands of glee.
speedblitz: (Default)

[personal profile] speedblitz 2010-10-21 07:15 am (UTC)(link)
I have... at least thirteen Dreamwidth journals at the moment, most of them for the purpose of RP. The one thing that I would really need implemented in a multiple account feature like this would be the ability to choose a different account's various userpics when I comment. It does me no good to "post as this account" while still logged in to my main if I can't choose icons on my secondary... which is mostly the point of logging into those secondaries to post anyway. Otherwise I'd just use the "post as a different account" feature. :)
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:16 am (UTC)(link)
I don't understand any of the Boris stuff. I think for a collaboration, people should make a community. No giving away of passwords or journals. o.O

To me - and I have a feeling this may turn out to be an unpopular opinion - it's not important or necessary at all to be able to look at all of the associated journals' reading pages merged into one. If it's easy enough to switch to 'working as' one of your other journals (i.e., you don't have to log out and log in again), then you can just switch to another and look at that journal's own reading page. It's not that big of a deal and will even save on confusion as to which account you're working as/with/through/whatever at the moment.

I don't see much fiddling around required in terms of people giving/having access either... It's not really a time intensive process to grant access, subscribe, unsubscribe, or remove access. If the person has made it public on their profile that they have these other journals, too, then you can just choose to do that or not (from your primary account or all of your accounts, haha). If the person doesn't want it known that all of these journals belong to them, I don't see why they'd be multiply subscribed to the same journals and communities; but maybe that is just me. So, I guess, that is my way of saying: if you're looking at someone's journal while 'working as' a journal of your own that doesn't have access to their locked posts, then NO, you can't see those posts; scroll up to the top and switch to working as the journal that does have access. (They may not even like your alter ego. If they knew it was you, maybe you wouldn't have access on any journal. lol)

And I don't see why you would want to save a draft post for 'all journals'. Again, maybe that is just me. I'd expect 'save' and 'save to' and then you get to pick which journal to save the draft for... unless, as has become my theme here, it saves to whichever journal you are working as at the moment. Then there is no need for any new option at all.

I'm glad you're very clear that it needs to be optional whether there's any public association between accounts, at the discretion of the human who owns them. That's no less than I'd expect from you guys. :)

All of the stuff about it showing you only the options each journal has privileges for is very shiny. I'm confident you'll work it out well. (Sounds like a lot of work, too.)

I would hope there'd be an easy way (or faster way) to link journals created with the same email address, than for a person who used different email addresses for each journal. Like, once the changes were all implemented, people who'd created more than one journal with the same email address received an email/inbox notification from DW asking if they want to 'associate' them.

I'll be really curious to see what's developed as far as the shop (i.e., payment options) goes. Discounts would be great. A simple, clean way to take care of all your accounts at once (should you choose to do so) will be cool in its own right.

Thanks for working on this! You guys rock! :D
Edited (typo) 2010-10-21 07:21 (UTC)
speedblitz: (Silly happy face)

[personal profile] speedblitz 2010-10-21 07:26 am (UTC)(link)
Well, the Boris scenario is better explained with role-playing communities, where you have one NPC or mod journal that all the moderators need to access. So the option of associating a journal with multiple mains is really attractive for that purpose.
vae: (books: imagination takes flight)

[personal profile] vae 2010-10-21 07:31 am (UTC)(link)
Replying to comments from email notifications - if Annabel is logged in as dw_annabel but has an email notification to fic_annabel and she replies to it, should it go through, or should she see the "cookie expired" message and need to log in as fic_annabel before the comment posts?

(I'll be honest, I'm firmly of the opinion of "the comment should post as fic_annabel while logged in as dw_annabel" - this is because I know a lot of people who will not use Dreamwidth for RP because they have multiple characters and want to be able to reply to comments from email notifications without having to switch logins. Being able to associate journals and let that authorise comments without switching their login would make DW a lot more RP-friendly.)
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

[personal profile] sophie 2010-10-21 07:31 am (UTC)(link)
3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.
I assume you ([personal profile] tyggerjai) mean that she'd be able to read journals on work_annabel's and fic_annabel's reading lists, including locked posts?

(Whether there should be the option to auto-read users who give you access is another discussion entirely, of course; I'm just commenting to make sure this means what I think it means.)
Edited (Oops, wrong tag.) 2010-10-21 07:32 (UTC)

[personal profile] puzzlement 2010-10-21 07:36 am (UTC)(link)
As far as sub-association goes, there's perhaps something going on here socially with regard to communities.

Generally speaking, users expect that a community has semi/occasionally-open membership. But since communities are currently the only official model for having a separate journal with the same login, the following happens:
1. some people make a community in order to have a de-facto second journal
2. some people make a community in order to have, essentially, a journal for postings by a small number of people (I do this with [community profile] incrementum, my parenting blog), but there's no way to distinguish this in the UX, so [community profile] incrementum for example shows up in interests pages with equal status to communities that people can actually join.

Model #2 is a separate problem, but perhaps Model #1 is overlapping this problem a fair bit. Will communities be able to be migrated to sub-accounts? Will all of the use cases of "I'm setting up a comm for my icons, I am the only poster" be catered for by subaccounts? Why/why not?

[personal profile] rho 2010-10-21 07:38 am (UTC)(link)
I like the paradigm of splitting accounts and journals better than I like the paradigm of primary and secondary accounts. I doubt it will make much difference in real terms, but I find it a much more intuitive and helpful way of looking at things.

One thing that I would like is the option of displaying the parent account on a journal. I know that a lot of people keep secondary accounts at the moment precisely because they're concerned about privacy and don't want people associating their accounts, but whenever I use multiple accounts, it's generally just because I want to keep content separate for organisational reasons, and I normally have a note along the lines of "my main journal is over at [personal profile] rho" in their profiles. While I wouldn't advocate having this be default behaviour, it would be useful to me if I could just tick a box and have it show up automatically.

[personal profile] puzzlement 2010-10-21 07:38 am (UTC)(link)
And at the moment you can't grant communities access and so on. But shared sub-accounts would have this property, but otherwise look something like a community minus the bit where it points out which account is posting to the comm.

I'm just sort of picking up a compare/contrast here.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 07:39 am (UTC)(link)
This! So much this!

I don't RP, but being able to know for sure which journal the comment is going to be from if I use the inbox reply form would be insanely awesome.

I'd imagine it would be difficult to implement though.
florahart: (writing)

[personal profile] florahart 2010-10-21 07:39 am (UTC)(link)
I don't have useful comments, but I do want to say that I appreciate how clear it is in this description that there is a baseline understanding about what it means to have multiple identities that may be shared or known to different people and that this is not a crime or a bad thing. That it's said repeatedly that where the user has not explicitly stated that she wants this connection to be apparent to other people, it's critical that the default be public. That it's understood that people compartmentalize in a hundred ways and that these compartments overlapping nondeliberately is a very bad thing. It's hardly news that you all are all over that, but I still appreciate it all over again any time I see it. Thanks.

Okay, wait, maybe I do have one useful comment; the circle management page is already unwieldy if one has very many people in any relationship (for me the crazymaker is all the imported openIDs to scroll through), and I think my brain just curled up in the corner sobbing at the notion of trying to cope with the potential for a whole other level of making it right for multiple journals on one account--which, it'd have to get worse, right? In order to account for allowing/subbing/unsubbing/whatever for just the primary or just a secondary? Uh, I think that page would need work, but I don't have any idea how to make it better.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 07:49 am (UTC)(link)
The thing the stuck out at me the most was the consideration about email addresses.

I use different emails for different identities-- it keeps the RL me that much further away from my online activity, which is very important to me.

So if this were implemented where I had to use the same email for both accounts, it would not work for me.

And the secondary consideration for me is then, of course, being able to select whether the associations for the accounts was public or private.

Also, the secondary writeup seemed to be more like my case, though it could just be from the details and the late hour.

lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:51 am (UTC)(link)
Ohhhh. Yeah, I have no experience with that at all. lol (That's why I kept adding 'maybe it's me'. I figure other people use their journals in ways I can't imagine.)

Is there a reason that one mod journal is a single journal instead of a community (or all the mods having their own journals)?

[ Please note: I'm not even sure my question makes sense, since I don't really know how RP-ing works. lol ]
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2010-10-21 07:54 am (UTC)(link)
what's our current procedure for people sharing passwords

I thought that was forbidden?
vae: (Default)

[personal profile] vae 2010-10-21 08:00 am (UTC)(link)
Oh, I'm not saying it's easy - the conditionals and filters on the code around security are not going to be fun, depending on how the journal association model is structured and how the security is passed from the email form to the DW databases - but a lot of that should be taken into consideration for simply being on the site and leaving a comment as an associated journal that you're not currently using as the primary login.

I hope.

[personal profile] ex_fathomless325 2010-10-21 08:06 am (UTC)(link)
This fantastic not just for RP but the small but growing population of multiples here as well. We have one main journal, this one, but each of us have separate journals as well. We don't use those as often because the log in/out process is a hassle. This would remove that boundary and allow more autonomy for individuals within our system. We're all for this!
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 08:07 am (UTC)(link)
But isn't some of that in place already? The login cookie expired page?

**knows nothing about code** Hardware and circuitry any day of the week, please and thank you.

Heck, I look at what I'm doing right now-- using my password to post this comment while logged into another journal and it seems to me that part of the architecture must already exist.
vae: (Default)

[personal profile] vae 2010-10-21 08:15 am (UTC)(link)
Dammit. I typed out a long comment about how this can happen and then swiped the wrong gesture on my track pad, gmail went back a page and I lost it.

More concisely - I'm a web developer by trade, hence the code references. I suspect that as long as you supply login details from some source, that's fine by DW - and if you use your logged in journal, then it comes from the cookie on your computer. If you use another, it comes from the information that you give the form on the page.
amadi: A bouquet of dark purple roses (Default)

[personal profile] amadi 2010-10-21 08:17 am (UTC)(link)
Simplest answer: because a community can't post comments. And while the names of the mods of a community are usually known, sometimes it's important to present the unified front of "the moderators are performing this action, as a body" under the mod account (with the understanding that none of the mods would use that account without accord) rather than as an individual mod, to avoid grudgewank or efforts to pit one against the other or other sticky political nonsense that sometimes arises when people's creative output is on the line and passions run high.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 08:20 am (UTC)(link)
Hmm, that's not quite what I meant-- I was thinking about the part where it doesn't log me out when I do.

You would obviously know more about this than me. (which is totally cool, by the way.)

Don't mind me-- it's very early and I have yet to sleep.
vae: (Default)

[personal profile] vae 2010-10-21 08:22 am (UTC)(link)
*g* It doesn't log you out because you didn't tick the box to say "log in as this account" when you commented. So DW takes the login details for that comment from what you type in the form, but it leaves the cookie on your computer.

Next time you go to comment, it defaults to take login details from the stored cookie, unless you select "other DW account" when you're leaving the comment again and give it the details of theliterator.

And still, you have your cookie!

...I haven't had breakfast yet and must remind myself that login cookies are not edible.
vae: Brad Bell in black and white (glam: brad: watching you)

[personal profile] vae 2010-10-21 08:26 am (UTC)(link)
...disclaimer. I am not a DW developer. I am just a random web developer who has coded login systems for web sites. Anything I say about DW security may be ENTIRELY wrong.

Page 1 of 9

<< [1] [2] [3] [4] [5] [6] [7] [8] [9] >>