To autologin or not to autologin?
At PostJobFree we are sending out multiple emails.
For example, job search alerts.
These emails have links, and these links allow us to track users.
In addition to tracking user we may autologin users to our web site to make their life easier.
At the same time autologin from email link could be a security concern: what if a job seeker forwarded that email to a recruiter, so now that recruiter can autologin as the job seeker.
It's pretty much a trade off between convenience and security.
So far we allow job seekers to autologin using links in job alerts we send to them.
But we do not autologin recruiters:
Recruiters on average are more computer savvy and are able to autologing.
Recruiter's account is move valuable than average job seekers' account.
We also do not autologin based on old links (only 7-days old links support autologin).
What do you think: should we autologin users based on email links?
For example, job search alerts.
These emails have links, and these links allow us to track users.
In addition to tracking user we may autologin users to our web site to make their life easier.
At the same time autologin from email link could be a security concern: what if a job seeker forwarded that email to a recruiter, so now that recruiter can autologin as the job seeker.
It's pretty much a trade off between convenience and security.
So far we allow job seekers to autologin using links in job alerts we send to them.
But we do not autologin recruiters:
Recruiters on average are more computer savvy and are able to autologing.
Recruiter's account is move valuable than average job seekers' account.
We also do not autologin based on old links (only 7-days old links support autologin).
What do you think: should we autologin users based on email links?