Why do I have to log in to Migipedia again with my name and password every time I come here via a link in a Migipedia e-mail? Surely it would be possible to be logged in automatically. Thank you in advance.
I apologize for the late reply! I have forwarded your question to our developers. I myself don't know exactly what options are available and why this one was chosen. I am also looking forward to the answer and will pass it on to you as soon as possible.
A link is sent to the user's email address with a canned text. If the user is logged in to Migipedia, there is no need to log in. If you are logged out, however, you do.
In the link, the anchor point consisting of the node number (thread) and the comment number (comment) is specified as follows:
User and PW are not linked! It is just a simple unclassified mail and the page is not "https" protected. Encrypted sensitive data could be transmitted via these.
I have turned off the automatic notification. If you send me a link and I click on it, the thread opens and I can edit it immediately because I am always logged in!
Furthermore, every user is fully responsible for keeping their user data confidential and for all activities that are carried out via their account.
Thank you Istanbul for your precise and understandable explanation. Once a computer expert, always a computer expert! :)
Security is indeed the decisive reason why you are not logged in directly with the deep links from the emails.
One option would be a so-called 'RememberMe' cookie, which logs you in and grants you read-only rights. However, as soon as you want to contribute or change something, you would also have to authorize yourself there. With this solution, the login process would simply take place later.
Best regards Daniel, Migipedia team
Guest
Thank you Daniel and Istanbul for your answers. As I am only a layman, this is a bit technical for me. However, I know of other sites, forums etc. that contain no less sensitive data but can still be edited directly via the link in the newsletter. Since users normally manage their e-mail account on their own and this is also password-protected, I don't see any great risk. But as I said, I'm not a crack.