Asking users to sign in when already logged in

by rink.attendant.6   Last Updated July 09, 2019 18:16 PM

This is a rather confusing user interface element:

eBay sign in link

  • The presence of my name indicates to me that I am logged in
  • The presence of the "Sign in" link indicates to me that I am logged out

eBay isn't the only site that does this. I've noticed that Amazon does this too.

It appears that this happens upon my session timing out, however I also notice that my session hasn't completely timed out. For instance, my name and postal code are still remembered as the calculated price including shipping is available when I browse through items. In this half-authenticated state, I can't add items to Watch List, bid, etc.

Is having this half-authenticated state a good idea? Can improvements be made to the greeting/sign in UI as indicated in the attached image?

Answers 4

In regards to the 'half-authenticated state' being a good idea or not, I believe that's mostly a security "feature" to prevent unauthorized users from mucking about in your account too much. Like if your kids jump onto your computer, you don't want them adding stuff to the cart and buying $347 worth of pool noodles for some unknowable reason. Being partially logged out after a while on these sites can be annoying for those of us who don't have to worry about other users, but I can see the need for such things to be implemented both to protect the user and the vendor.

As far as the UI element of having that confusing "Hi, Logged-In-Person... Sign in here!" thing; I can't imagine that being anything more than an oversight on somebody's part. As you said, it's just confusing to the user to have conflicting indicators as to whether or not you're currently logged in. An easy way to improve that, clarity-wise, is to change "Sign In" to "Sign Out", which would make it obvious which state you're currently in. Or just remove it completely; most of us are trained, these days, to click our usernames to find the submenu where we can fiddle with settings and whatnot, along with sign out of our account.

August 26, 2014 06:01 AM

This is a common and effective pattern if done correctly. Essentially if there are a few sensitive actions and other less sensitive then delaying the authentication check may allow the user to perform low risk activity unhindered.

Examples of sites that do this well are:

Amazon: Browse and add products to your cart. Try to check out or view account / past orders though and an Auth check is performed.

Apple App Store: Browse apps, use the phone, use existing apps using just basic phone Auth. Try to install an app or change a security setting though and you get prompted for your iTunes or phone password.

eBay should probably get rid of the sign in link and if you try to perform a restricted action request you re-authenticate at that point. The reason eBay may not have done that is because bidding can be time sensitive so if placing a last minute bid not realising that you have to sign in could lose you an item.

Andy Boura
Andy Boura
August 26, 2014 18:18 PM

To me, this user interface element reminds the user that he or she has a relationship with the website in question, even if the user is currently logged out of the site.

For example, I've used various travel-booking sites, and for some I might have an account, and with others I may have transacted as a "guest." What's more, booking travel is something I do infrequently, so it's hard to remember whether I have an account with a particular website. So if (say) Expedia greets me with a "Hi, Mark! Log in", my name inexorably draws my eye to that UI element, and it tells me that I have an account, and therefore a saved credit card, transaction history, reward points, and the like.

Basically, this pattern reminds the user of their relationship with the service and gets the ball rolling towards getting you logged back into the site. From the point of the view of the online service, it can entice the user into interacting with the site more meaningfully (i.e. in a logged-in state).

Mark Nugent
Mark Nugent
August 26, 2014 21:42 PM

Many sites are adopting the partially logged in state when the site recognizes your email address or other account identifier. Maybe the user has not cleared cache and cookies and cache are still good, or maybe he's come from an email. The user is neither fully logged in/authenticated NOR are you logged out.

The "Hi Vincent, Sign In" indicates you are in the partial logged in state-- only your email address or other identifier is recognized. You will probably notice there is an option to log out, which would switch to "Hello. Sign in" at least in the Amazon example.

To access private parts of your user profile, make purchases etc, the user would need to log into to full authentication. As others mentioned the pattern serves as a global indicator that he needs to log in to access sensitive information.

The benefits of this state is that the site can be personalized based on your recent clickstream, providing you recommendations, and store that info in the cookie or in HTML5 local storage. We know users pogo around on websites, and this allows for a more seamless experience as you come back to the site.

The pitfall is it doesn't solve user problems across browser or across device which is increasingly becoming how users use the web.

August 27, 2014 14:52 PM

Related Questions

Updated February 06, 2019 10:16 AM

Updated May 31, 2015 21:41 PM

Updated March 19, 2016 08:06 AM

Updated April 16, 2016 08:06 AM