Hacker News new | past | comments | ask | show | jobs | submit login

My navigation was:

- home page - /house - /info/sensors - /house/add

I went to the last page because I was curious that you had to register _before_ buying.

At this last page I saw my gmail username pre-populated in the form automatically which freaked me out (I didn't even know grabbing a visitor's google account name was possible) and I closed the page, I did not submit (voluntarily) any info. Then within a couple of minutes I got in my gmail account a welcome email.

I think this is way worse than spam, fix asap.




  (I didn't even know grabbing a visitor's google account
   name was possible)
I didn't either, but it seems you can simply use Google's API to allow a user to sign in, where the user name of the user that signs in (or is already signed in!), is reported to the user of the API via a callback. The request after you sign in has a 'continue' HTTP header that says something like:

  continue=http%3A%2F%2Fwww.wattvision.com%2F_ah%2Flogin%3Fcontinue%3Dhttp%3A%2F%2F
  www.wattvision.com%2Fhouse&service=ah&dsh=2844188452075813479&timeStmp=&secTok=&GALX=
  DTEVMCX16p4&Email=<your gmail address>&Passwd=<your_password>


same here.. Are you using appengine? There is a recommended way to get the login implemented from appengine.

http://code.google.com/appengine/docs/python/users/overview....

I am not sure if you wanna do federated login on appengine.


Confirmed: I just replicated this behavior.


And me as well.


+1




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: