LGF Makeover Not Done Yet
I’m continuing the overall security review and code refactoring of LGF, and there are some small but perhaps noticeable changes in our “Manage Your Account” page as a result. The first time you enter that page, you’ll be greeted with a login form. Once you sign in to the Account Management page, you’re officially “logged in,” and you can leave that page and return without signing in again, during your current browser session. (A browser session usually ends when you close your browser.)
Since you’re logged in, I thought it only right and proper that I give you the option to log out—so there’s now a link at the top of the page (once you’re logged in) that lets you bail out and destroy any existing session data. Like if you’re in an office with a moonbat in the next cubicle. Hint.
The login page now includes a “Remember me” check box. If this is checked when you submit the login form (by clicking the “log in” button), it sets an encrypted cookie in your browser containing your login information, so you don’t have to enter it manually each time you post a comment. Needless to say, it’s probably not a good idea to set this on your work computer with a moonbat neighbor.
Note: as an extra security measure, your login cookie does not work to sign in to your user account. It only fills in your name and password in the comment posting form. This way, even if the office moonbat gets access to your computer, she can’t do anything really nasty like change your password without your knowledge, or edit your user information to say, “My mother wears Army boots.” He/she/it can only post comments pretending to be you, which could even be funny. But probably wouldn’t.
There are many internal enhancements in the management page too, to increase security, but I won’t go into detail about those. (Was that a sigh of relief I heard?)
I’ve got one cool feature working for which I need lizard input. As you may or may not recall, our session data is now being stored in our MySQL database (by replacing the default PHP session handlers, but I can almost see the eyes glazing over…).
Since I now have so much more control over the session information, a feature I’ve got working in development is displaying the current usernames that have recently commented, or that have logged in through the User Management page. My question to the Lizard Army (if I haven’t lost you already) is: is that too much information to share? Would you object to having your username displayed, or would you think it’s groovy to see who’s online?



