One piece of client-side behavior that might be a little more vital than “polish:”
Here on meta last night I noticed that I cannot log out when the site is set to read-only. The logged in session persisted between browser restarts. This did not inconvenience me, as I was using my own device and internet connection, however not all forum users will be in that position.
If we assume that a user is at a public internet kiosk of some sort, (Public library, Internet cafe, etc.) The only way to prevent the user’s account from being compromised if he needs to leave is:
- Hope the user is savvy enough to clear his cookie cache before leaving.
- Hope the access point automatically does so between users.
In an ideal world, both of these would be true. In our world…
If you are already aware of this, sorry for the duplication. Just thought it might be worth mentioning.