Keep me Logged In - persitent Cookies
Featured threads
How long should we give our SEO company? 2 replies- Twitter Historical data 2 replies
- Agency & supplier input needed! 0 replies
- Overseas Delivery Calculation 1 reply
- Retail Home Page layout 2 replies
Most viewed threads in last month
Impact of social media on the future of customer service? 464 views- The LinkedIn "Action" Bar - any thoughts? 404 views
- Drop off in Forum Posts here 344 views
- Looking for French SEO specialist for urgent work 276 views
- Agency & supplier input needed! 268 views
Most active threads in last month
Looking for French SEO specialist for urgent work 5 replies- Drop off in Forum Posts here 5 replies
- How i can do online marketing for my business? 5 replies
- Impact of social media on the future of customer service? 3 replies
- Website Analytics help 3 replies
Producer at Wheel
26 February 2004 10:57am
Just wondered what people think about persistent cookies that keep you logged in on sites.
I can see the use on sites that you need to come back to frequently like mail or auctions but what about e-com sites?
I guess that people will not be nipping in and out as frequently
so may not want it...
Also do us Brits have different opinions on this to our US cousins? I think they are more comfortable with info on them
being stored, we tend to be a bit more suspicious.
whadday think?
cheers
Paul.
Technical Director at Box UK
26 February 2004 11:24am
My personal opinion - based on (a too-frequent...) use of ebay, amazon, and all the other biggies - as long as the site gives me the option (e.g. 'Remember my details?' checkbox), then I have no reason to complain - it's in my hands, and can use the extra functionality if I want, and if I trust the vendor.
Product Marketing at Google UK
27 February 2004 15:03pm
I’ve found in user research with a variety of sites that UK consumers are generally OK with cookies and the site functions they support as long as they see the benefit.
These site functions are sorted in order of increasing intrusiveness/potentially adverse reaction from consumers:
1. Persistent basket (Items you added in the last session are still there when you come back)
Viewed as very helpful, in fact most users expect to see their basket from the last session without logging in, and are irritated if the site ‘loses their work’. Note that this does not have to be personalised, i.e. is pretty non-intrusive. Most customers won’t think twice about the fact that the persistent basket is driven by a cookie. If they do worry about cookies, it’s such a big benefit for relatively little intrusion that most will be convinced to accept persistent cookies if you explain the basket to them (e.g. in the privacy policy).
2. Prefill username
If people use a site less frequently they tend to forget their login details, so pre-filling their username field on the login page is generally regarded as helpful. However that does not mean full automatic login for all site functions - always ask for password before accessing any area displaying personal information (my account) or to complete a transaction (checkout).
3. Personalised welcome
Some UK consumers do react a bit funny to the US-style 'Hello Obi, welcome back' on the home page (partly perhaps because it’s a bit cheesy?). So I would not bother with that unless you have something to offer them like personal recommendations (made famous by Amazon).
4. Personalised recommendations
If you do offer personal recommendations, they are generally viewed as a benefit as long as they are relevant. Users that are new to the Internet will find personalised recommendations more spooky than those conditioned by Amazon. A small link ‘what’s this?’ to a help page that explains how the recommendations are created can dispel scepticism.
5. Stored personal details (name, addresses)
Most people expect a faster checkout for returning customers and are OK with sites storing their details, as long as they are protected by a password (see above).
6. Stored payment details
The big divide. New users tend to be worried about security, old hands find it irritating if they have to enter their credit card details again and again. A good compromise is to ask for the CVV number every time they check out, which you are not allowed to store anyway. Or implement Verified by Visa, which asks for a password for every transaction. This will also help to combat fraud.
In terms of presentation, this is good practice:
1. Ask for their permission to store details
As mentioned by the previous post, it’s good practice to allow them to opt out of storing their details when they go through checkout for the first time. In my opinion it's OK to make a ‘remember my details’ checkbox default to opt-in rather than making them tick it actively as you have to with emails. Explain the benefit to the customer ('check out faster next time you shop'), and have a link to your privacy policy including use of cookies in plain English.
2. Provide an opt-out
Have a link to the privacy policy on the home page that explains the privacy policy including use of cookies. Include a 'sign out' link that removes the cookie if people are really worried about it. This does not have to be very prominent – those who care will find it. The footer is a good place for both of these links.
Hope this helps.
Obi
Fndr at Majestic12.co.uk
01 March 2004 11:35am
I am surprised it was not mentioned but persistent cookies that can be used to identify specific customer are of vital important for targeting.
By knowing your customers browsing patterns you can achieve significant increases in email conversions. In our case in Jungle.com we achieved increases in both response and conversion of over 1,000% each! Once you try it first time you will be convinced that you want to keep doing it, the business case for it is simply overwhelming.
This is where you will hit first major problem - you will find that only a small minority of your customers are always "logged-in" even if your system uses persistent cookies for that purpose. And there is a good reason for it - persistent "login" is a security issue because someone else who uses that PC can conduct operations that logged in customer might not want to.
Amazon worked it around by requiring to provide password on a session basis, in effect that's where they "log you in", but they can still track you on persistent basis. This is a good solution but we developed a better one - independent persistent cookie that uniquely identified customers or any email subscribers but it was not used for any security sensitive operations. It was not “logging in” people in its normal sense, but still allowed to track them.
Running two similar cookies in parallel is not something development teams will like, but there is a good business case for it as number of "tracked" users will be much higher than number of "logged" in users especially if you liked that tracking to emails, ie you know who you mailed to, so that a click on a link which would contain that second tracking ID to be set as a permanent cookie. Added bonus is that this will enable you to understand what some of your (say) newsletter subscribers want from your site even if they have not yet become your customers.
We found that this tracking system that can be run in parallel to normal "logins" greatly increases number of people who can be presented with personalised features such as those detailed by Obi. In early days a lot of investment was made into online personalisation and most of which was waste not least due to small number of people that were actually presented with personalised pages.
Last but not least thing is that whatever you do make sure its inline with current legislation regarding cookies usage!