Its a bit confusing that the "remember me" option is also visible on
the page where you have to verify your password, it shouldn't be
needed.

I also think that it can be made more clear to the user what's going
on by improving the status message, something like: "Please verify
your password to view this page".

Which also reminds me that README.txt also was a bit unclear on this
excellent functionality: "...which pages users cannot access without a
password-based login." Something like "..which pages users cannot
access without verifying their password". Or if you use the "explicit"
vocabulary to be consistent with the settings page.

Comments

bjaspan’s picture

bjaspan commented
Status: Active » Fixed

Fixed. Instead of hiding 'Remember Me' during verification, I just pre-check it. Having an invisible Remember Me seems like a bad idea to me.

Thanks!

anders.fajerson’s picture

anders.fajerson commented
Status: Fixed » Needs work

I don't agree. When you think about it, the remember me checkbox has no functionality in this context, i.e, it doesn't matter if it's checked or not: it doesn't affect the "global" remember me (which it shouldn't) and you only need to verify your password once per session (which is correct).

And the page can actually be even more simple, the tabs can all be removed. Register and request new password are even broken in this context.

bjaspan’s picture

bjaspan commented
Status: Needs work » Fixed

I thought about it more and decided you were right. Remember Me is no longer shown on the reauthentication form.

I'm not going to remove the register and request new password tabs because I don't want to screw with user.module's menu. I suppose it is possible to call user_login() to get just that form but I don't think it is that important. If you do, feel free to submit a patch.

anders.fajerson’s picture

anders.fajerson commented

Yeah, why not use user_login()? Great idea! :)

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)