These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
 

Web site: improved cookie checking
Author
Previous Topic Next Topic
Droidster
Center for Advanced Studies
Gallente Federation
#1 - 2016-01-03 18:07:20 UTC  |  Edited by: Droidster
The current cookie-checking behavior of the forums web site (forums.eveonline.com) is extremely obnoxious and badly designed.

The first problem is that the web site apparently checks if you have cookies and enabled on every page and logs you out automatically if you do not. This is really idiotic. If you have valid login cookies, you should stay logged in. Logging out people who have general cookie settings off has absolutely no purpose other than to annoy people. I think whoever programmed this does not have a clear understanding of how cookies work.

The second problem is that the cookie checker itself is badly designed. What it does is just check the object property navigator.cookiesEnabled which will false unless ALL cookies are allowed. Even if the eveonline.com domain is whitelisted it will still return false. So, basically what the programmer is doing is forcing users to turn ALL cookies on to use eveonline.com. This is extremely unnecessary and obnoxious because it means when I use the forums I have to turn cookies on. Then when I go to ANY other web page on a different tab, I have to go through the nuisance of turning cookies off.

The forums only use cookies from eveonline.com, so it should be enough for users to whitelist this domain.

How to fix this:

* An easy fix would be to do only the cookie checking on the login page. Once the person gets past the login page there is no further need to check whether cookies are enabled. This is still sub-optimal because it forces users to turn on cookies while logging in, but at least it is just a one-time thing.

* A better fix would be to stop forcing cookies to be on at all. You can do this by making your test cookie in the eveonline.com domain. As long as the user can accept eveonline.com cookies, that is all that is needed. So, basically in your cookies-enabled check function in the login Javascript you need to change that code to use a eveonline.com domain test cookie. This will allow people to whitelist the domain and not have to turn cookies on for all domains.
Maria Dragoon
Brutor Tribe
Minmatar Republic
#2 - 2016-01-04 00:39:56 UTC
Security and convenience goes hand to hand.

Think of it as a slider, the more Security you have, the less convenience you have, the more convenience you have the less security you have. The difficulty is finding a balance between this. Saying something is an easy fix when it comes to coding is honestly, laughable. Specially when it comes to rewriting things that act as a foundation of other things.

Life is really simple, but we insist on making it complicated. Confucius

"A man who talks to people who aren't real is crazy. A man who talks to people who aren't real and writes down what they say is an author."