[pubcookie-users] How to prevent bookmarking the authentication
dors at cac.washington.edu
Thu Jan 13 12:55:50 PST 2005
We use a welcome page on our portal, which is our most popular
application, and I wouldn't doubt that it saves us a few help desk
calls. But we also have a lot of applications integrated with
Pubcookie, so maybe our users are slightly more aware that the
login page isn't tied to a single application and therefore don't
bookmark it as such.
The other thing to consider for sites that people like to bookmark
is placing a "bookmark this site" link on the application home
page itself. This might encourage people to do it correctly.
On Wed, 12 Jan 2005, John-Paul Robinson wrote:
> I don't think there is a way to avoid this due to the nature of
> interaction with the web client. The browser is redirected and doesn't
> have any understanding of the relationship between the two sites. I'll
> let the author's give the definitive answer though.
> Your idea for a warning is probably a good idea.
> Another approach might be to change the behavior of the popular
> application a little. Rather than restricting all access to this
> application behind the protection of pubcookie, you could expose a welcome
> page to the application that users would see regardless of their
> authenticated state. You could then offer access to the restricted
> content through protected links off this initial page.
> Users may than be inclined to bookmark the welcome page instead of the
> login page.
> On Wed, 12 Jan 2005, Gary Mills wrote:
>> We use an older but stable version of pubcookie with the Apache web
>> server on Solaris. There's one popular web application that uses
>> pubcookie for authentication. On first access, it redirects the
>> client's browser to the authentication server. Some people bookmark
>> this page before authenticating. When they do authenticate, their
>> browser is redirected back to the application, and everything works.
>> However, the next time they use that bookmark, their browser goes
>> directly to the authentication page, and never redirects to their
>> favourite application. It's difficult to tell people not to do what
>> seems reasonable to them. Is there a way to have the authentication
>> page not able to be bookmarked? If not, I suppose that a notice on
>> the page would help to some extent.
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
More information about the pubcookie-users