Makes sense. No action until the user clicks something on the page. One extra step but better than having “helpful bots” wreak havoc.
> to store a secret in the browser […] is doing a browser fingerprint match
I get the idea but I really dislike this. Assuming the user will use the same device or browser is an anti-pattern that causes problems with people, especially while crossing the mobile-desktop boundary. Generally any web functionality shouldn’t be browser dependent. Especially hidden state like that.