[OpenID] Yahoo hijacking?
Allen Tom
atom at yahoo-inc.com
Mon Apr 21 17:14:24 UTC 2008
I would think that most people would hit the Back button, and that works
as expected.
Allen
SitG Admin wrote:
>> 1) The user does NOT want to sign into the site specified by the
>> return_to
>
> Scenario:
>
> I'm a user with multiple Identities, compartmentalizing my life. My
> fingers type in the Identity that I'm accustomed to using, but then I
> realize that this would actually be improper for some reason, and I
> decide cancel so I can go back and enter in a *different* Identity to
> be associated with the comment I'm leaving . . .
>
> . . . and then the OP redirects me to a completely unrelated page,
> causing me to lose the comment I just typed up. Oops!
>
> -Shade
More information about the general
mailing list