undefined | Better HN

0 pointsremram3y ago0 comments

"Logging in" typically refers to the situation where you don't have the cookie and need to get it. Having the cookie is typically referred to as "being logged in" already.

0 comments

3 comments · 1 top-level

nickjj3y ago· 2 in thread

> "Logging in" typically refers to the situation where you don't have the cookie and need to get it.

Right, and after you click the link in your email to login then your back-end will set a cookie so that when you close your browser and come back again you will be logged in without needing to receive another link your email for however long you want "remember me" to be available.

The person I was replying to said the difference with magic links is you need to check your email every time you login. Especially with his "obvious" remark, it made it seem like he didn't realize you could use magic links and only login once a year just like you could use a password and only login once a year thanks to cookies working the same with both methods.

scrollaway3y ago

Dude, you're describing logging in.

If I don't have cookies, I have to receive that email again, and it introduces a large amount of failure points EVERY SINGLE TIME this login happens. Instead of just once, on account verification.

Seriously, I've built enough apps that require email verification to know how much of a failure point that email verification is, and it's a significant draw on onboarding when email guarantees are required early on. Doing it every single login (= every new device, every new incognito session, every now and then when the user clears their cache, every time they switch browser, every time they log in from a new computer, etc etc) is insanity, and again, everyone I know who uses magic link has given up on them, or made them extremely optional.

nickjj3y ago

We must use computers much differently.

I don't login from new computers often, I have my personal machine and mobile phone. It's great to be able to login from a phone without needing a password manager or manually typing a 50 character randomly generated password where I need to be sitting in front of my main computer to even login. If you really have that many computers you'd still need to sync a password manager between all of them to login with a password.

I also don't browse with incognito mode on sites where I'm expected to be logged in unless I have multiple accounts that I want to have logged in simultaneously.

I also don't routinely switch browsers and if I do I only have to login once per browser and I'm done for a year or however long the site saves it for.

That doesn't sound like insanity to me? I didn't even think about them while writing my original reply because they are such outlier events.

1 more reply

j / k navigate · click thread line to collapse