[isf-wifidog] Possible problem with Laika
Philippe April
isf_lists at philippeapril.com
Dim 6 Mar 22:08:35 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The behavior of "after sign-up you have to visit any webpage, then you
get the login page and you just login again", is incredibly sad but
necessary. It's explained in the message that nobody reads :-|
It's a really problematic UI issue.
I'll try to hack something in. We "might" need an additional column in
the DB, we'll see. I'll do it on my own auth server, so then you can
point to it and "experience" :)
On 6-Mar-05, at 9:47 PM, Mina Naguib wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I just did a similar test too.
>
> Unless I missed something, here is how it went:
>
> 1. Entered my homepage's URL in the address box
> 2. WiFiDog captured it, re-directed me to auth server
> 3. In there I clicked "create new account"
> 4. Took me to a page where I got to select a new
> username/password/email
> - - clicked "next"
> 5. Took me to a page that said I now have 15 minutes to check my email
> to validate my account
>
> IMO this is misleading. At step 3 and onwards I was strictly dealing
> with the auth server. It never forwarded me to my local wifidog to
> actually move me to the "Validating" stage.
>
> After step 5 I thought everything should work, but nothing worked (I
> was
> still anonymous)
>
> I tried to POP/IMAP my mail but it failed.
>
> I had to visit a web site again, which got again re-forwarded to the
> login screen. Only when I entered my new username and password did
> wifidog get notified I'm now "validating" and open some more ports and
> web access.
> Like you've said, we perfected something technically so well that we
> may
> have lost a bit of perspective on the user experience (especially a
> part
> most of us rarely do anymore).
>
> In my opinion the message shown in step #5 above is highly misleading
> and I can think of 2 things to address that:
>
> 1. The message should read "Your account is created. You now need to
> log
> in with it >>here<<. After you log in you must check your email within
> 15 minutes"
>
> or I'd prefer:
>
> 2. Upon account creation, the auth server should automatically
> re-direct
> the user back to their wifidog as if they successfully logged-in with
> their new username+password. Wifidog will then make them "validating"
> and can then re-direct them to a screen that says "You now have 15
> minutes to do check your email etc.."
>
> Philippe April wrote:
> | I just tested the chain, it works well but I have comments:
> |
> | 1. Port 22 outgoing is blocked so I couldn't do my regular SSH port
> | forwarding to check my mail. Perhaps we should accept this for the
> | validation period?
> |
> | 2. I just realized, if I did like a lot of people and double-click on
> | links instead of single-clicks, well I'd probably get an error
> message
> | at the login page. Therefore, I would not get the "you get 15
> minutes of
> | access, please go ahead, thank you" but "Access denied" or something
> | like that, because the token would already have been used.
> |
> | I think we should do something about that. Perhaps we could
> detect... If
> | the token has been used already, but it's only been a few seconds
> only,
> | spit out the same message because "it's been double-clicked".
> |
> | Input? Input? I say we open port 22 and do something for
> double-clicks
> | like I mentionned.
> |
> | If you want, read the following too, I'm just thinking loud:
> |
> | It's funny how... We do something pretty challenging technically,
> and it
> | works so well at this moment, we're so glad about stability, it's our
> | baby. But still, the issues we have are issues related to user
> interface
> | and double-clicking links! Issues we just wouldn't think about
> because
> | we don't do it...
> |
> | Perhaps we should be a bit closer to the users. How about just taking
> | time to walk into a frequently visited cafe to ask the users "now,
> how
> | was signing-up and all? painful?"
> |
> | I've heard twice now that the link that says "Sign-up, it's free!"
> | highlighted in green.. is not clear! To me, it's perfectly clear!
> | </done>
> |
> | On 6-Mar-05, at 9:20 PM, Philippe April wrote:
> |
> |>> -----BEGIN PGP SIGNED MESSAGE-----
> |>> Hash: SHA1
> |>>
> |>> Intéressant.
> |>>
> |>> I think we need to create a little document to test the whole
> chain.
> |>> Basically take time to create a new account and follow the whole
> |>> chain, including the case where the user doesn't validate his
> account
> |>> and gets 'locked'.
> |>>
> |>> That should be done both when we have a new version of wifidog out,
> |>> AND new auth server changes.
> |>>
> |>> Let me do a test right now, I'll let you know if everything goes
> well.
> |>>
> |>> On 6-Mar-05, at 8:33 PM, Daniel Drouet wrote:
> |>>
> |>>> I was at Laika today and one of their staff (who happens to be a
> big
> |>>> fan of ISF) told me that people often try to set up new accounts,
> but
> |>>> are unable to go anywhere during their 15 min period of grace. So
> far
> |>>> he gives them Laika's username/password, so that they can log in
> and
> |>>> check their email. After that, they can log in and use their newly
> |>>> validated acct without a hitch. Unfortunately, I didn't have a
> laptop
> |>>> with me, so I couldn't try to replicate the bug.
> |>>> _______________________________________________
> |>>> WiFiDog mailing list
> |>>> WiFiDog at listes.ilesansfil.org
> |>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> |>>>
> |>>>
> |>> Philippe April
> |>> GnuPG: http://key.philippeapril.com/
> |>> Skype ID: mousetrap
> |>>
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCK8CzeS99pGMif6wRAm/XAKD0s2q1UPaU+4gnImuH4efixEdqdwCgrsY3
> i0+zZ9Bcnzr2le6+6Zmxhzc=
> =JZQJ
> -----END PGP SIGNATURE-----
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCK8W0Oq+Ep5Xn/aARAsWHAKCM23ph91IDw9Sii1DjSSrENxSwaQCdHEcN
Tj/9go93EYWub5zjhok89fo=
=P32Z
-----END PGP SIGNATURE-----
Plus d'informations sur la liste de diffusion WiFiDog