Thread: bug #20678: member_controller: user successfully logs in but thinks that s/he has failed

user name
2007-08-03 17:25:01
hi samizdat-devel

PROBLEM: Sometimes a user when logging in may make some errors, e.g.
login or password may be missing, and so the "referer" URI becomes the
URI of member/login itself. In this situation, when the user clicks on
the submit button and *successfully* logs in, a redirect occurs to
member/login itself, so the part of the screen closest to the region
where s/he clicked appears to be totally unchanged. If the user looks
to the top-right, s/he will notice that his/her "full name" is now
shown, and will realise that s/he has successfully logged in.
However, the submit button is at the bottom left and it is easy for the
user to miss this changed information. Moreover, the main content of
the page invites the user to log in, despite the fact (unclear to the
user) that s/he *has* successfully logged in.

This leads to a user being frustrated and thinking that s/he has not
successfully logged in.

Not only is this in itself a Bad Thing, but a frustrated user might
unnecessarily create a new login, or try his/her passwords normally
used on other sites, or switch from https to http since it's "better
to try something than just give up" - plenty of things to weaken
security.

This problem is asymmetric with respect to the member/logout method -
because the logout button leads to changes in the content of the page
at a point very close to where the user has clicked, so the change *is*
obvious in that case.

PROPOSED SOLUTION: If the referer is member/login itself, then
redirect to some other page which should signal to the user that s/he
has successfully logged in. This could be a new page: title = _('Login
succeeded')... , or, as I suggest here, a redirect to the member page.


cheers
boud


---
/tmp/tmp_snapshot/samizdat/lib/samizdat/controllers/member_c
ontroller.rb	2007-05-05 14:56:27.000000000 +0200
+++
/usr/lib/ruby/1.8/samizdat/controllers/member_controller.rb	
2007-08-03 23:54:14.579828264 +0200
 -183,7
+191,8 
      if login and password
        if cookie = Session.start(login, password)
          request.set_cookie('session', cookie,
config['timeout']['last'])
-        request.redirect(referer)
+        referer =~ %r{member/loginZ} ?
+           request.redirect('member') : request.redirect(referer)
        else
          title = _('Login Failed')
          content_for_layout = box(title,
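
Review bot: The pattern in the added `referer =~ %r{member/loginZ} ?` line, as it appears here, matches the literal text `member/loginZ`, so a referer that ends in `member/login` never matches and a successful login still redirects back to the login page; if an end-of-string anchor was meant, it needs its backslash (`\Z`). Even with the anchor, a referer for the login URI that carries a query string or a trailing slash falls through to `request.redirect(referer)`, so consider comparing only the path component. The ternary is also used purely for its side effects: choosing the target first and calling `request.redirect` once would read more clearly, and a short comment saying why the login page is excluded as a target would help later readers.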




_______________________________________________
samizdat-devel mailing list
samizdat-develnongnu.org
http://lists.nongnu.org/mailman/listinfo/samizdat-devel
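
The rule from the proposed solution above, as an added Ruby example that is not part of the original message or of Samizdat's code: it compares the path of the referer instead of the whole string, so a login URI with a query string, fragment or trailing slash is still recognised. `post_login_target`, `LOGIN_PATH` and `DEFAULT_TARGET` are hypothetical names, and the sample referer values are constructed.

```ruby
require 'uri'

# Hypothetical names; this is not Samizdat's API.
# Matches a path whose last two segments are member/login,
# with or without a trailing slash.
LOGIN_PATH = %r{(\A|/)member/login/?\z}
DEFAULT_TARGET = 'member'

# Choose where to send the user after a successful login.
# Returning to the login form would make success look like failure,
# so that case (and a missing or unparseable referer) goes to the
# member page instead.
def post_login_target(referer)
  referer = referer.to_s.strip
  return DEFAULT_TARGET if referer.empty?

  # Only the path is compared, so ?query and #fragment are ignored.
  path = URI.parse(referer).path.to_s
  LOGIN_PATH.match?(path) ? DEFAULT_TARGET : referer
rescue URI::InvalidURIError
  DEFAULT_TARGET
end

# Constructed sample referers (example.org is a placeholder host).
SAMPLES = [
  'https://example.org/samizdat/member/login',
  'https://example.org/samizdat/member/login?retry=1',
  'https://example.org/samizdat/member/login/',
  'member/login',
  'https://example.org/samizdat/member/login_help',
  'https://example.org/samizdat/message/42',
  'http://bad host/',
  nil
].freeze

if __FILE__ == $0
  SAMPLES.each do |r|
    puts format('%-52s -> %s', r.inspect, post_login_target(r))
  end
end
```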
