[Zope-PTK] DISCUSS: Why Zope.org has soft cookies

Karl Fast <karl.fast@pobox.com>
Mon, 17 Jan 2000 16:07:38 -0600


> > Sites like Amazon use a two-tiered approach. Whenever I return it
> > remembers who I am. No need to enter a password. And it returns
> > preferences and recommendations based on that identity. But if I
> > want to place an order, view my order history, or do other things
> > like that I need to sign on. The login form automatically inserts my
> > username (my email address in the case of Amazon) and I need to
> > supply my password. More personal information requires
> > authentication on a per session basis.
> 
> I could definitely see us going for the two-tiered approach that Karl talks
> about.

What I like about the two-tiered (or multi-tiered) approach is that
it allows you to strike a balance between security and usability.
I'd hate to have to log in every time I went to my.yahoo.com just to
see my personalized home page, but I'd be really nervous about not
having to log on to change personal information like my password.



-----------------------------------------------------------------
Karl Fast
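
The two-tiered approach discussed in this message, sketched as an added example that is not part of the original post or of Zope's code: a long-lived "soft" cookie only identifies the visitor, while sensitive actions need a short-lived cookie issued after a password check. The action names, cookie layout, secret and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed here
SESSION_TTL = 15 * 60             # assumption: a login stays valid for 15 minutes
SOFT_ACTIONS = {"view_home", "view_recommendations"}                  # hypothetical names
STRONG_ACTIONS = {"place_order", "view_order_history", "change_password"}

def _sign(value):
    return hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()

def _valid(sig, value):
    return hmac.compare_digest(sig.encode(), _sign(value).encode())

def make_soft_cookie(username):
    """Long-lived cookie: remembers who the visitor is, proves no password."""
    return f"{username}|{_sign('soft|' + username)}"

def make_session_cookie(username, now):
    """Short-lived cookie, issued only after the password has been checked."""
    expires = int(now) + SESSION_TTL
    return f"{username}|{expires}|{_sign(f'auth|{username}|{expires}')}"

def soft_identity(cookie):
    username, _, sig = (cookie or "").rpartition("|")
    return username if username and _valid(sig, "soft|" + username) else None

def session_identity(cookie, now):
    parts = (cookie or "").split("|")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return None
    username, expires, sig = parts
    if not _valid(sig, f"auth|{username}|{expires}"):
        return None
    return username if now < int(expires) else None

def decide(action, soft_cookie, session_cookie, now):
    """Return (decision, username) for one request."""
    known = soft_identity(soft_cookie)
    authed = session_identity(session_cookie, now)
    if action in SOFT_ACTIONS:
        return ("allow", authed or known)   # username is None for a stranger
    if action in STRONG_ACTIONS:
        if authed and (known is None or known == authed):
            return ("allow", authed)
        return ("login_required", known)    # name to prefill in the login form
    return ("deny", None)
```

The two cookie types are signed under different prefixes, so a soft cookie can never be replayed as proof of a login.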