Perhaps. But I would certainly advise respecting your users.
I agree, but I think the solution is use of session and/or cookies if you
want to persist some user state -- that should achieve what you want without
exposing private information. If you want an easy login experience, you
might also consider something like Janrain or your own OpenID login.
An
Anthony, this is exactly the culture I am questioning. Why force
everyone to register because a small number of people are concerned
about someone else pretending to be them to see their choice in a cart
(slightly paranoid I would say). They are welcome to have their
concern, they can register. I
I was actually referring to the situation where in the future you link any
prior orders to a newly created account based on email address. It sounded
like you might have been considering that.
But from a conservative info privacy standpoint, Anthony's concern might be
an issue as well.
On Wednesday, August 24, 2011 1:41:22 PM UTC-4, peter wrote:
>
> Pbreit
>
> I do not think that fake logging in with others' email is a risk as all
> they will see is the cart that has not been checked out.
>
Some people may consider it a violation of their privacy if you expose their
shopping ca
Pbreit
I do not think that fake logging in with others' email is a risk as all
they will see is the cart that has not been checked out.
Anthony and villas, thanks for your feedback. Maybe you are right that
email in session is good enough. I will have to index all orders on
index instead of auth.u
Just set a cookie for the email address until you can trust it?
Maybe just keep the email address in the session for this purpose. You could
still use Auth decorators if desired:
@auth.requires(session.email!=None)
As for accessing the shopping cart on a return visit, you might enable that
via a long session expiration, but I'm not sure it's a good idea t
Hard to say if it's better. Accounts and logins are so common that it might
be alarming to not have such.
But I think you might run into problems using auth_user for this. And I
don't see what you gain out of using auth_user. I would just attach an email
address to the order and then code any