[pmwiki-users] Author cookies

Henrik Bechmann henrik at bechmannsoftware.com
Sat Aug 12 00:21:00 CDT 2006 

Patrick,

Good points.

I presume it is fair to say, in sum: users of single user machines would 
prefer in most cases to preserve the author name between sessions for 
convenience; users of multi-user machines would prefer to have the 
author name cleared between sessions, so as to avoid confusion as to 
authorship.

Which leads to the following idea:

A checkmark beside the author name of the form, allowing the user to 
determine whether to preserve the author name or not between sessions.

I myself have just run into a situation involving both: One of my entry 
sites is used by multiple people, and some confusion has arisen as to 
authorship, as users (naturally) don't bother entering names quite often 
when one (even if not their own) is already present. Most of my entry 
sites however, belong to people who work from home (including me!). 
These would prefer having the author names preserved between sessions.

So the answer, as is often the case, it seems to me, is that the option 
for doing it either way, as decided by individual users (not by 
installation) would be most preferable.

- Henrik

Henrik Bechmann
www.osscommons.ca
www.bechmannsoftware.com
Webmaster, www.dufferinpark.ca



Patrick R. Michaud wrote:
> Reply-To: 
> In-Reply-To: <44D66848.3060303 at bechmannsoftware.com>
>
> [Subject was: Working solution for CMS style interface with IMS caching]
>
> On Sun, Aug 06, 2006 at 06:08:08PM -0400, Henrik Bechmann wrote:
>   
>> All of this works as expected in Internet Explorer. The Firefox cache is 
>> not as responsive however, and requires special procedures. Also, it 
>> turns out that PmWiki deletes the Author Name cookie with the logout 
>> operation (which I do not think is desirable in most situations).
>>     
>
> Actually, it is desirable, and arguably it's the only correct
> answer.  PmWiki is used in a large number of laboratory and classroom
> environments, where multiple people end up using the same machine
> to access a common wiki on a daily basis.  In these situations,
> people think of "logout" as meaning "remove my association with
> this particular terminal" -- including their author name.  
>
> In fact, many people would be very surprised if the "logout" action 
> *didn't* cause their author name to be removed from the forms;
> "logout" should mean "I'm no longer here."  Indeed, this is one
> of the reasons ?action=logout was originally created...to provide
> an easy way to clear the author cookie.
>
>   
>> 2. IMHO the Author Name (as opposed to ID) should never be removed from 
>> the cookie. It is not a security feature, but rather a convenience for 
>> the author, such that he/she doesn't have to keep adding his/her name 
>> from the same computer all the time (when $EnablePostAuthorRequired = 
>> 1). 
>>     
>
> It's even more inconvenient for an author to try to remove his/her
> name from a machine if ?action=logout doesn't do it.
>
> Still, if the admin doesn't want ?action=logout to remove the
> author cookie, then use:
>
>     include_once('scripts/author.php');
>     $LogoutCookies = array_diff($LogoutCookies, array($AuthorCookie));
>
> which means that ?action=logout won't remove the author cookie.
> If there's enough people who think that author cookies should
> survive ?action=logout, we can create a special $Enable... variable
> for it, otherwise I'll simply cite the above code as a potential
> recipe.
>
> Pm
>
>
>

More information about the pmwiki-users mailing list