[thelist] Usability question: home page vs dashboard at same URL

Lee Kowalkowski lee.kowalkowski at googlemail.com
Thu Sep 15 16:46:35 CDT 2016


On 15 September 2016 at 19:39, erik mattheis <gozz at gozz.com> wrote:

>
> Is it that big of a deal to make a significant amount of mostly marketing
> material unavailable to users after they have logged in?
>

If a user wanted to view it, but they had to log out first, then that's
not convenient, is it?

I also remember having used sites where if you are logged in, and navigate
to the website's home page, it logs you out and you have to log in again to
get back.  That is annoying.


> What are your thoughts?


I think the main issue I have with reusing a URL in this way is not really
so much about customer experience, although that is an important
consideration.

My main issue is, reusing URLs makes my life harder when analysing traffic
and securing my services.

When analysing traffic, it's easy to tell the URLs your users have been
visiting, but if you can't be certain what the user saw at that URL, then
you could be losing some critical 'at-a-glance' statistics.  To find out
this information is a little more effort if there are multiple
possibilities due to URL reuse.

URL patterns are also useful for security, for example, suppose all
authenticated customer pages were confined to /customer/*, and staff
functions were put under /operator/*, etc...  That's also easy when
filtering analytics.

It is also easier to control what your users are allowed to do by adopting
conventions, as opposed to implementing your authentication checks on a
case-by-case basis.  It's also easier to implement perimeter security this
way, as opposed to writing your checks within each operation (although that
may still be necessary), and reduces the risk of a developer implementing a
function and forgetting to secure it.

I also suppose from an HTTP perspective, this means you would also have to
disable caching for your public home page.  You might have reason to do
this anyway, but reusing the URL means you lose the option to cache the
pages for non-authenticated users.


> If we are going to hide the content what is the
> best way to do it?


Haha, maybe a message "Sorry, you need to be unauthenticated to see this
page"?  That would be awesome, I'd like to see that. ;)


> redirect logged in users to the dashboard from / or
> replace the content of / with the dashboard?
>

Well, redirecting to a dedicated URL would be best for your analytics and
security.  My thoughts above are my arguments for not replacing the content
of / with the dashboard.

It's just a bit mean to bounce your authenticated users away from the home
page when all it really needs is a link to the dashboard.  Clicking the
link would request /dashboard, and authentication can invoke the login
process only if required.

-- 
Lee
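
An added example, not part of the original post: a minimal sketch of the URL-convention perimeter check and the caching split described in the message above. The /customer/ and /operator/ prefixes are from the post; the role names, the /login target, the cache lifetimes and the default-deny 404 are assumptions.

```python
import posixpath
from urllib.parse import unquote

# /customer/ and /operator/ come from the post; the role names, /dashboard's
# role set, /login and the cache lifetimes are assumptions for illustration.
PROTECTED = {
    "customer": {"customer"},
    "operator": {"operator"},
    "dashboard": {"customer", "operator"},
}
PUBLIC = {""}  # "" is the home page, "/"

NO_STORE = {"Cache-Control": "no-store"}


def top_segment(raw_path):
    """First path segment after percent-decoding and collapsing '.' and '..'.

    raw_path is the request path without the query string. The application
    must route on the same normalized path, or the check and the handler
    could disagree about which area a request belongs to.
    """
    path = posixpath.normpath("/" + unquote(raw_path).lstrip("/"))
    parts = [p for p in path.split("/") if p]
    return parts[0] if parts else ""


def decide(raw_path, role=None):
    """Return (status, headers) decided at the perimeter, before any handler."""
    top = top_segment(raw_path)
    if top in PUBLIC:
        # Same content for everyone, so shared caches may store it.
        return 200, {"Cache-Control": "public, max-age=300"}
    allowed = PROTECTED.get(top)
    if allowed is None:
        # Default deny: a new area is unreachable until it is registered.
        return 404, dict(NO_STORE)
    if role is None:
        return 302, {"Location": "/login", "Cache-Control": "no-store"}
    if role not in allowed:
        return 403, dict(NO_STORE)
    return 200, {"Cache-Control": "private, no-store"}
```

Because the decision depends only on the first path segment, the same table can drive analytics filters, and a handler added under a registered prefix is covered without its author writing a check.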

