On Thu 02 Oct 2008 at 05:53PM, Alan Burlison wrote:
> John Plocher wrote:
>
> > Maybe to you, but all of us who have responded seem to disagree.
> > You seem to have made up your mind that the site should go from one
> > extreme (never revalidate) to the other (1 to 4 hours), without any
> > attempt to understand your customer's needs, to characterize their
> > current behaviors, or to identify and work towards a middle ground.
>
> That's an unfounded and incorrect assertion, and isn't helpful, to be
> honest. I've said that expecting people to have to log in once a day is
> not unreasonable, and I've seen no firm evidence to the contrary.
If I have to log in once per 24 hour period (yes, my work day spreads
over longer than 8 hours) then I can live with it. I won't like it
but I will deal. A couple of days would be nicer. 1 hour was a deal
breaker.
I think what others are reacting to is that we're trying to invite
people in to participate, and login must not be too much of a barrier.
Think of it like taking a flight and having to deal with airport
security. It might be necessary but it doesn't make you feel loved.
I think for me the single biggest irritation with auth in other web
sites comes when I get logged out in the middle of a transaction-- like
a wiki commit, or making a purchase. In other words, I click 'edit',
start writing something, leave for the weekend, come in Monday, and then
suddenly I can't commit the page because I've been timed out. I'm left
to log in, then hit the 'back' button to hopefully get back to my
changes, etc. The best websites are smart enough to authenticate you
and then bring you back to what you were doing. Hopefully we will do
the same.
-dp
--
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
website-discuss mailing list
[email protected]
