Kim Said that I was wrong...
Kim said that I was wrong on the cookie phenomena when "infocard" authentication was used...
well, I'm not too sure about that.. Here's my exercise details to crosscheck if I really was wrong.
I cleared by browser cache, cookies..... everything to start with a clean slate...
The following screenshot shows the existing cookie list from my browser.. (note: no identityblog.com cookies)
Then I logged into identityblog using my "infocard" ID, And tried to post a comment. The screenshot below shows that the comment form was not filled out with my info.... However after the comment posted, it showed that the comment was posted by me... using the info that my "infocard" had...
The following screenshot shows the cookie list in my browser AFTER infocard auth. Notice that the cookie name is wordpressuser_MYSESSIONID & wordpresspass_MYSESSIONID
Then I logged out and the cookies disappeared... Neat stuff. Kim was right, the cookies get established when one logs in and then destroyed when one logs out.... or closes the browser, which is a nice thing because it was session based... usually the cookies exist for a period of time till the session timeout value exceeds the set limit. But in this case the session was immediately destroyed regardless of whetherI logged out or closed my browser... nice... really nice... IMPRESSIVE....
Then I posted a comment without authentication, and by filling out info in the comment form. The following screenshot shows what I did.
Actually I made a small error at this point.. I had posted a comment without logging out. I simply forgot to hit the "logout" button in the process of ALT-TABBing between this blog post and his blog. So I Hit the logout button and THEN posted the following comment:
As soon as I did that, I noticed that Kim's blog server set 3 cookies as the following screenshot depicts: (note the cookie names, they start with comment_author_MYSESSIONID, comment_author_email_MYSESSIONID, comment_author_url_MYSESSIONID.
Now I login with infocard again... and post a comment as the following screenshot shows:
I checked my cookie list and saw that in addition to the cookies priorly set without infocard auth, there were 2 more cookies... The following screenchot shows that....
...In short, Once a user uses the forms to post comments, the regardless of the "infocard" auth, the cookies persist in the browser....
However the form gets posted by the "authenticated user" regardless of the info one fills in the comment form.... But after the user logs out, he still can post comments without authentication and the persistent cookies take precedence....
INFERENCE: Kim's wrong 50%, I am wrong 50%. We are both 50% wrong.... ROTFL...
AH! with these screenshots, I do not think I need to explain more, You dear readers of my blog/s, can be better judges of what works and what does not 
Cheers for now. That was a fun exercise...
update/note : Please refrain from sending me emails that the cookie list screenshots were
Posted by Superpat on March 24, 2006 at 07:51 PM EST #
Thats for the tip. I know that the "extra" cookies" in my screenshots can be irritating and it would be betetr to have a clean cookie list and not show all the other cookies.. But howerver, I hope you understand that in the little time's iv've got outside of my day job, I play around with testing and using these new products/frameworks thrown out there.. and in the process am also doing several other things... {{multi tasking}}}.
It completely skipped my mind to create a firefox" profile and use that for testing, and inadvertently used the same browser profile that i always use...
Advise taken and accepted. I shall create a firefox profile for testing this stuff thus keeping the screenshots clean of "other" identifying info that may popup.
Rohan
Posted by Rohan Pinto on March 25, 2006 at 08:50 AM EST #