I was updating my passwords on various websites recently. However, one thing came to my mind: When should a web application disables all of one’s (other) logins on different places/computers? Should it explicitly provide a button to do this “global logout” thing?

For the first question, I was surprised that only a few services do that; they don’t do that when you login (since they allow multiple logins at once), they don’t do that when you logout, and they don’t do that even when you change the password (Skype is the only service I encountered do this; when I changed my password on the website, the Skype app pop up and demanding the new password to entered.)

For example, even though I changed the password with Firefox on my laptop, Facebook, Google, and Twitter logins on my mobile/cellular phone (that runs Opera Mini) still not disabled. For these logins, I guess the only way to disable them without going to the computer/machine and press “Logout” explicitly is to wait for the cookies to expire.

For the second question, my answer is yes. I provide the function as a check box under the login form when writing a web app. My app also do this when the password changes. Why? Since cookies are issued when people login with right password, cookies shouldn’t remain as now the password created the cookie are considered wrong.

The problem is serious. Think about it: You can cancel your credit cards if your wallet is stolen, but you can’t cancel a cookie remotely whatsoever. How would I suppose to protect my identities if my phone is stolen? Think about it, when you write your next app :-P. And please think about it, Yahoo, Facebook, and Twitter.

FireBBS 跟 PCMan Firefox Plugin 一樣，是把火狐升級成 BBS+WWW 兩用瀏覽器的套件。和 PCMan Firefox Plugin 不一樣的是，FireBBS 套件裡面沒有任何的 dll 或是 so 等 native code，它完完全全是用 JavaScript 寫成的。

所以之寫的出來是因為 FireBBS 用了 XPCOM 跨平台引擎裡面的 socket 來傳資料到 BBS 站台。這可以從 chrome://firebbs/content/firebbs.js 的前幾行看出來：

const Cc = Components.classes;
const Ci = Components.interfaces;

var nsISocketTransportService =
Cc["@mozilla.org/network/socket-transport-service;1"].
getService(Ci.nsISocketTransportService);
var nsIScriptableInputStream =
Cc["@mozilla.org/scriptableinputstream;1"].
createInstance(Ci.nsIScriptableInputStream);
var nsIInputStreamPump =
Cc["@mozilla.org/network/input-stream-pump;1"].
createInstance(Ci.nsIInputStreamPump);
var nsIConverterInputStream =
Cc["@mozilla.org/intl/converter-input-stream;1"].
createInstance(Ci.nsIConverterInputStream);

這就是我之前說的心目中的 embedded Telnet Client啦！遠在天邊近在眼前，寫的時候想說應該是 Flash 的沿伸或是其他 Plug-in 來才能做到，結果 Firefox 自己就有。

FireBBS 套件的作者花了不少功夫在把 BBS 上的資料呈現在網頁上，不過我想到更進階的用途：這樣的架構可以用來寫 PTT forum Reader，把 PTT 的板用網頁論壇的方式呈現，擴大 BBS 的 userbase (鄉民的 base XD)。因為是用 Telnet 連線，速度會跟傳統 BBS 一樣快；唯一的弱點只有 Firefox 慢死人不償命的 JavaScript Engine …

有人寫出來的話，記得 link 回這篇文章加個 Inspired by timdream ～ XDXD。