Web Site for my Students

[Gregory Lypny]

Hello Robert,

I’m just a beginner when it comes to creating web sites where people can log into user-created accounts, but I was under the impression that most sites that have logins use cookies to allow site browsing according to user characteristics, preferences, or page states. Is there an alternative to cookies? Mine are strictly for authentication. I have no problem placing a notification on the site stating that cookies are used, although I too do not know whether this is a requirement in Canada.

As for the confidentiality of student IDs at my institution, I would say they are, although I still occasionally find professors leaving a stack of graded student essays outside their door, old-school style. But the confidentiality of student IDs need not be a problem on my website because I don’t need to save them in a cookie. I can save a unique and randomly generate string that is associated with the student ID after login authentication.

Gregory




On Tue, Oct 29, 2013, at 11:29 AM, Robert Brenstein wrote:

> In many countries, using cookies in this way requires explicit 
> consent from each user, but it I don't know whether this applies to 
> Canada and whether all your users are in Canada.
> 
> Aside from spoofing already mentioned, the question to consider is 
> how private is student id considered by your institution. 
> Theoretically, you could remove it (I mean the value of cookie) when 
> student logs out, but most users just walk out, leaving their id on 
> the computer. If all users are using only their private computer, 
> this is fine, but if they also use public computer, that can be an 
> issue (from another person doing things under that id to someone 
> finding an id of a specific person).
> 
> Robert