MZMcBride wrote:
I actually like the feature, personally, but I agree that it's UI clutter. What annoys me about global login is that it adds a noticeable delay to logging in, twice, with generally very little benefit to the user. You have to wait for the little images to load, then you have to click to go back to whatever it is you were working on, and for most people, they logged in to a specific project because they wanted to edit that specific project. They have no intention (or even care about) editing Wikiversity or Wikisource or whatever else they're now logged in to.
The reason I set to add it was that loggin in on not-too-used sites actually short lived my long sessions. Bug 24471 [1] explains a similar problem although you have to read [2] to understand it.
I agree it's some UI clutter, but there is no way to per-user hide a pre-login option. The magic parameters are good for insiders, but aren't a proper fix either.
If there's a way to improve the general login workflow (AJAX, CORS, whatever), I'd like to see that implemented before this checkbox is ripped out. I'm not sure, even with dark wizard magic, how you'd easily disable global login. I suppose a Greasemonkey script might be able to auto-redirect you on login or something, but that's a nasty Mozilla dependency that only works per-computer.
I'd like changing the way Central Auth works, so that instead of automatically being logged in, you would need to click a link, and you would be logged with the crendentials from a central site.
This would allow to fix many issues with one shot: bug 225 (use ssl for logins), bug 14407 (some wikis aren't included), bug 19161 (the privacy issue), plug certain security holes, reduce apache hits...
The main problem here is that it means a change of behavior for our lazy users (one more click!), so we should have consensus for pushing that.
I foresee something like a javascript file fetched from the login server which would eg. change pt-login to "Login as X!". The specific options would need to be discussed. Should clicking on pt-login log you automatically if you are logged in meta, or should it show you a prefilled field first, so that you can log with an alternate username? Should the edit link be hacked to log you when you go there?
It is also possible to change the cactions in that javascript, so that it would mostly look like being logged in, while actually having been served the logged-out html. It could reload the page when you use a different skin, or uncommon preferences, but the intent is to avoid that change on the normal case. It could set the Personal tools, add a watch tab, post-load your scripts and even css. But it would be harder for admins, as they have much more actions. It doesn't seem sensible to reproduce in javascript every check for editability, or places where a rollback link could be added.
The users may be happy with a limited logged-like interface though. I think they are the biggest resistance problem after they they have been given a "you are logged everywhere" system. The most affected users would be those doing cross-wiki work on very different sites: mainly global sysops and stewards. As people doing work on several wikis will keep their logins (and we can keep per-domain logins, too) maybe the impact is not so big, but I prefer not to subestimate it.
Those are a few ideas of what we could draw there. Do you like these ideas? A way to improve it? Would that completely break usability? Please share!
1- https://bugzilla.wikimedia.org/show_bug.cgi?id=24471 2- https://bugzilla.wikimedia.org/show_bug.cgi?id=14407#c30