|Should you force a log in after initial sign up?|
When you first sign up for an account on a website, usually you are directed to log in with your newly created account.
However, this doesn't seem 100% user-friendly. If I've just entered my details, selected a password, etc, then why not log me in automatically?
I guess there is a benefit to forcing the user to 'try out' the new login details before first use. Is that the main reason why sign-ups don't usually result in automatic logins? Or is it technical laziness? (Obviously I'm not talking about cases where the email address needs to be confirmed before login is allowed).
I think some of it may be laziness.
In my experience though, I find it helps me in the long run. When I log in, my browser saves the login info. If I don't immediatley log in, then I have to go back and find that login info later.
Logging in immediately allows that info to be saved by the browser so that when I return later, it's already in memory and done automatically.
So, it ends up saving me time and allowing me to bookmark the login page for future uses.
Phil O'Sopher has the right idea. That being said, I like it when the site gives me the cookie and logs me in. I keep track of the password. If the site refreshes the cookie whenever I visit, then I might not need to log in again forever.
However, there are security implications. If it's a secure site (like banking), then you'll be using SSL and sessions anyway. I'd do it, just for "belt and suspenders." It will also, as has been mentioned, allow the browser to remember it for auto-fill, which is important for session logins.
If you want to encourage auto-fill, then you need to:
A) Make sure that you don't disable auto-fill on the login text items.
B) Make sure that you direct the user to the same login page they'll always be using, not some special "one time" page.
Just my $0.02.