On 1/13/08, Rotem Liss rotemliss_net@fastmail.fm wrote:
Users may want to prevent their user name from appearing in the login box (or in a cookie, anyway), in public places or anywhere. The UserName cookie should be deleted when logging out. I think the LoggedOut cookie and the session are harmless, though.
In such public places, you would want to delete *all* cookies when logging out. By that logic we should save no cookies at all when logging out. Rather, the user should delete all the cookies if they're concerned about this (and if it's a public place, the browser should be configured to do this automatically).
I would agree with you if it were sensitive information, of course. But honestly, it's not a huge deal that their username shows up in the login box, so I think it's best to go with what's best for most users.