Best place to put optional Sign in/Sign up box on a website with auto-register user

We’ve written a website so that users can purchase tickets (for concerts). For users’ convenience we wrote temporary user registration and auto-login systems, so users don’t need to sign in/sign up to purchase a ticket.

For more features (e.g. tracking his/her purchase), sign up/sign in is needed, but I don’t know where the best place is to put the Sign in/Sign up box on the website. I think if I put such a box in, e.g., the header section, a newbie user will think sign up is mandatory.

Is it reasonable if we use popup mode for Single Sign On?

Our applications have OAuth for Google, and we use popup mode. The login page has a button for authorization via Google. But now the customer wants to use single sign-on (SSO) for authentication. As far as I know about SSO, we don’t use the app’s login page; we redirect to the login page of the SSO website. So it makes sense when we use popup mode for SSO. We put a Keycloak (SSO) button and show a popup for authorization. But its flow is the same as OAuth. Would you show me a reasonable way to use popup mode for SSO, or should SSO only use redirect mode?

Is there a list of Certificate Authorities that provide certificates also valid for digitally signing a document?

I have to digitally sign a PDF. I created a little app using the DSS library (an EU project, based on Bouncy Castle, very simple to use) that signs the PDF with PAdES using a p12 file.

I know how to create a p12 file from a certificate using openssl. The problem is I only find Certificate Authorities that provide certificates for SSL.

Is there somewhere a list of official and trusted CAs that provide X.509 certificates also for signing documents? I’m interested in pricing in particular… 😛

Thanks in advance.

Asking users to sign in when already logged in

This is a rather confusing user interface element:

[Image: eBay sign in link]

  • The presence of my name indicates to me that I am logged in
  • The presence of the “Sign in” link indicates to me that I am logged out

eBay isn’t the only site that does this. I’ve noticed that Amazon does this too.

It appears that this happens upon my session timing out, however I also notice that my session hasn’t completely timed out. For instance, my name and postal code are still remembered as the calculated price including shipping is available when I browse through items. In this half-authenticated state, I can’t add items to Watch List, bid, etc.

Is having this half-authenticated state a good idea? Can improvements be made to the greeting/sign in UI as indicated in the attached image?

Why sign session cookies?

I’m using express-session middleware to store sessions on the server. The client’s browser gets a cookie with the session ID. A secret is required in the configuration; it is used to sign the session ID cookie.

https://github.com/expressjs/session#secret

What’s the value of this signature? What’s the threat it’s mitigating? Even if a threat actor knows a session ID, they have no access to the session store. The odds of guessing someone else’s ID should be astronomical.

Sign Up with Email for Students

I have an issue, I want users to be able to sign up to our platform. However, as they are students…

  1. They don’t have an email address or use them
  2. Majority have telephone or social media

Our problem is we are offering a package to schools. If 90% of the class can sign up, we need a solution still for 10% who may not have ANY way to verify themselves.

I did think just username/password – but what happens if they forget both?

Should the user be forced to sign in for a wish list on an ecommerce site?

I believe that signing into a site can be a big barrier to users, so I prefer e-commerce sites that offer guest access.

The question is: should wishlists be a guest feature, or do the business advantages of forcing the user to sign up outweigh the potential increases in profits?

Does anyone have any research or views on this?