summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-11-18 12:56:02 -0500
committerJoey Hess <joey@kodama.kitenet.net>2008-11-18 12:56:02 -0500
commit19e34cb62ec8c891f060cbf9b2340510c7cb0331 (patch)
tree2dfecec1e4bb7227ad9cff6c5b8eda444fc3d855
parent447d3ae258070be5e421b17b2aef4fe80031583c (diff)
respond, sheesh
-rw-r--r--doc/bugs/login_page_should_note_cookie_requirement.mdwn9
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/bugs/login_page_should_note_cookie_requirement.mdwn b/doc/bugs/login_page_should_note_cookie_requirement.mdwn
index bd52f1c21..32d971548 100644
--- a/doc/bugs/login_page_should_note_cookie_requirement.mdwn
+++ b/doc/bugs/login_page_should_note_cookie_requirement.mdwn
@@ -7,6 +7,10 @@ At the moment, you go through the login shuffle and then are told that cookies a
>> Very few websites break without cookies. Even fewer lose data.
>> Can ikiwiki avoid being below average by default? --[MJR](http://mjr.towers.org.uk)
+>>> Can we avoid engaging in hyperbole? (Hint: Your browser probably has a
+>>> back button. Hint 2: A username/password does not count as "lost data".
+>>> Hint 3: Now we're arguing, which is pointless.) --[[Joey]]
+
Even better would be to only display the cookie note as a warning if the login page doesn't receive a session cookie.
> I considered doing this before, but it would require running the cgi once
@@ -19,4 +23,7 @@ Best of all would be to use URL-based or hidden-field-based session tokens if co
> This is not very doable since most of the pages the user browses are
> static pages in a static location.
->> The pages that lose data without cookies (the edit pages, primarily) don't look static. Are they really? --[MJR](http://mjr.towers.org.uk)
+>> The pages that lose data without cookies (the edit pages, primarily)
+>> don't look static. Are they really? --[MJR](http://mjr.towers.org.uk)a
+
+>>> As soon as you post an edit page, you are back to a static website.