Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The only situation you're targeting, then, is when a user intentionally logged out (in non-privacy mode) in the past (because otherwise they wouldn't have the half-cookie). Is it really desirable to log in them automatically in such cases? But then if they're clicking on the link in the first place, one might conclude that they desire is to log-in, so it's just added convenience.

However is it legal under the new EU cookie-act? I mean, after all, this is tracking outside of our website.



Lots of people "log out" by letting their session expire; this would merely get them back in the game faster.

I'd expect this to be legal - set the cookie on login.mydomain.com and never use that domain name for anything else - but IANAL.


> Lots of people "log out" by letting their session expire; this would merely get them back in the game faster.

I'd expect, that someone that is going to employ auto-login URLs, is not going to be shy in using ‘forever’ login cookies anyway.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: