266Re: [fanficauthors] Re: Site structure anoyance.
- Dec 19, 2010On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
>Cookies allow the specification of both a domain -- which may or may
> I never said that I had to relogin, once logged in. (Except when logins expire or cookies are deleted)
> The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A. So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.
> As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.
not be a *. domain -- and a path -- under which they apply -- for good
reason. Any password manager that can't handle both those things in
Different subdomains isn't just a quirk of FFA; It's how sites like
wikipedia work too. (<fr.wikipedia.org> and <en.wikipedia.org>.)
And if it doesn't handle paths, then you're just asking for phishing
attacks on free hosting sites where each hostee gets a different
subdirectory. If your password manager gives the username and
password for <hosting.com/goodsite> to <hosting.com/G00DSITE>, then
your password manager is a security hole.
>Except that changing the structure also means that autocomplete for
> Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
URLs no longer works as well, and you don't want to have two different
links for the same thing for SEO reasons.
And the "different login domain" isn't a "band-aid", it's the right
way to solve the problem of auth across different sites. Note, for
example, that going to <gmail.com> takes you to
<www.google.com/accounts/ServiceLogin>, which then redirects you back
- << Previous post in topic Next post in topic >>