[OpenID] OpenID RP: Storing persistent identifier cookie rather than authentication ticket cookie

[Andrew Arnott]

Shade,
Correct.  If no positive assertion can be discovered, the Login link remains
so the user can provide their identifier (perhaps seeing the last one they
entered) and begin a checkid_setup flow.

If a positive assertion is found, it would make sense in some scenarios to
still allow the user to choose to log in normally rather than auto-login
(perhaps to explicitly choose a different identifier).

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Mon, Jul 13, 2009 at 1:31 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:

>  If the client finds it gets a positive assertion, it changes or adds to
>> the "Login" link UI a message like "(auto-login now)", which forwards the
>> positive assertion to the server for processing and logs the user in without
>> any further interaction.
>>
>
> And if the assertion is negative or some other noncommittal equivalent to
> "we can't say at this time whether that user has an account with us", you
> still have that text field for them to type in the OP they wish to use,
> "automatically" or not?
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090713/ca54c531/attachment.htm>