Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
If a site uses a persistent login feature that’s set up according to the best practices defined here, are there any potential security issues with dropping the persistent login cookie right at the account creation step? (Immediately upon validating the new account data on the server.) The site does not require that users verify new accounts via an e-mailed link.
If this suits your needs, then there would be no technical reason to prevent you from dropping a persistent cookie. There is an assumption that you are wanting to do this to keep the user logged in between browser restarts etc.
Just do this with caution, on the t’internet the whole account activation without some kind of validation/confirmation is open to exploits – so as long as you have weighed those risks up then I see no problem.