I feel like Smugmug is now advertising to me. I know my viewers don't see this, but there are a couple things that bug me about this:

http://content.screencast.com/users/jfriend/folders/Jing/media/84140324-d123-4fe5-abe4-4002c5272896/2008-12-06_2142.png

First, I have no interest in cards from Smugmug. I've already received my holiday cards from the same vendor I've been using for the last 5 years. I'm certainly fine with Smugmug offering cards, I just don't need to be reminded about it several times a day.

Second, I hate this stupid screen that comes up after I log in. It's just a waste of time. Smugmug knows exactly where I was before I hit log in. Just take me there and don't make me click extra. Especially now, when I have to log in more often for the control panel. And, I work on multiple accounts so I have to log in to switch accounts too.

Third, why are you advertising to me? It feels like SPAM. I paid for my account. I don't want to see your promotional material when I don't want to. I'm fine with occasional notices on the homepage that I can dismiss after I've seen them, but I'm stuck with this every single time I log in. I'm fine with an occasional email announcing something new. But, this is just annoying. It's annoying that I have to go to this screen in the first place after logging in and now it's annoying that I have to see an ad for your cards everytime I go there.

This doesn't seem to be in the spirit of no spam, no advertising. I don't know quite why it bugs me, but it does.

Anyone else with any thoughts on this?

I don't like this either, although I suppose there are many smugmug customers who don't follow the announcements in this forum. The "ad" may be appropriate for them.

I'd like to see an opt-out option for these ads that can be set at the login level - not as a cookie. So when I log in I don't get the ads.

I'd also like to go directly back to the page I was on when I logged in. The only case where I think it's valid to ask the question about where I want to go is if I logged in from www.smugmug.com (http://www.smugmug.com). I usually log in from <mysite>.smugmug.com though, and in that case it makes more sense to go directly to the page where I invoked the log in.

--- Denise

I don't like this either, although I suppose there are many smugmug customers who don't follow the announcements in this forum. The "ad" may be appropriate for them.

I'd like to see an opt-out option for these ads that can be set at the login level - not as a cookie. So when I log in I don't get the ads.

I'd also like to go directly back to the page I was on when I logged in. The only case where I think it's valid to ask the question about where I want to go is if I logged in from www.smugmug.com (http://www.smugmug.com). I usually log in from <mysite>.smugmug.com though, and in that case it makes more sense to go directly to the page where I invoked the log in.

--- Denise

Thanks Denise.

Even when you log in from www.smugmug.com, why shouldn't you just be taken to <mysite>.smugmug.com. Where else could you possibly want to go next? The only other choice is back to www.smugmug.com and that doesn't make any sense to me since you just logged in. It seems that this screen ought to just be gone entirely.

I feel like Smugmug is now advertising to me. I know my viewers don't see this, but there are a couple things that bug me about this:

http://content.screencast.com/users/jfriend/folders/Jing/media/84140324-d123-4fe5-abe4-4002c5272896/2008-12-06_2142.png

First, I have no interest in cards from Smugmug. I've already received my holiday cards from the same vendor I've been using for the last 5 years. I'm certainly fine with Smugmug offering cards, I just don't need to be reminded about it several times a day.

Second, I hate this stupid screen that comes up after I log in. It's just a waste of time. Smugmug knows exactly where I was before I hit log in. Just take me there and don't make me click extra. Especially now, when I have to log in more often for the control panel. And, I work on multiple accounts so I have to log in to switch accounts too.

Third, why are you advertising to me? It feels like SPAM. I paid for my account. I don't want to see your promotional material when I don't want to. I'm fine with occasional notices on the homepage that I can dismiss after I've seen them, but I'm stuck with this every single time I log in. I'm fine with an occasional email announcing something new. But, this is just annoying. It's annoying that I have to go to this screen in the first place after logging in and now it's annoying that I have to see an ad for your cards everytime I go there.

This doesn't seem to be in the spirit of no spam, no advertising. I don't know quite why it bugs me, but it does.

Anyone else with any thoughts on this?

Simply put: ditto on all.

Now I realize that the same promotion/ad is on the login page itself too:

http://content.screencast.com/users/jfriend/folders/Jing/media/2699c7d0-0f5a-442f-b70f-b6c85d02f95c/2008-12-07_0601.png

I can't say it bothers me either way, to be honest. :dunno

John, I feel exactly the same.

:lol3 we're damned if we do, damned if we don't!

This is really kinda funny, but I know that you John, and many Dgrinners have told us that we've been too quiet in the past about features and releases. We plan on using the login page to draw customer attention to new things - like cards, like new custom domains & right click protection for power users, maybe a pro lab, maybe coupons, maybe a facebook app, maybe an explanation about security keys, maybe a pointer to new terms and conditions, etc etc.

We hate, despise, and abhor spam John, and I know you know this.

All this being said, I'll make sure the whole team sees this thread :thumb

Although I have learned to ignor these types of ads as I have other "free accounts" that have them.....I can understand your point John. We are paying. I do find it a little annoying as I only see this whenever I go to sign in to do something on my custom page for the whole site.

As for signing in to get to my site, since I am the only person who uses this computer and it is password protected...I hardly ever have to log into my smugmug site. I just logged in once then went to my homepage and saved it to my favorites list. Now all I have to do is go to my favorites and navigate to my homepages as signed in. Just a suggestion if you have a computer all to yourself.

:lol3 we're damned if we do, damned if we don't!

This is really kinda funny, but I know that you John, and many Dgrinners have told us that we've been too quiet in the past about features and releases. We plan on using the login page to draw customer attention to new things - like cards, like new custom domains & right click protection for power users, maybe a pro lab, maybe coupons, maybe a facebook app, maybe an explanation about security keys, maybe a pointer to new terms and conditions, etc etc.

We hate, despise, and abhor spam John, and I know you know this.

All this being said, I'll make sure the whole team sees this thread :thumb

I've got no problem with you sending out reasonable notifications via email or via the homepage messages. In fact, I generally think you undercommunicate that way. You have both of those options and I have never complained about those. What I like about those options is that once I've seen it, I just hit dismiss or delete and it's gone - I don't have to continually see it.

I have no such option in the login dialog. Once I'm aware of the cards, it just feels like continual advertising that I'm forced to look at just to use the product. It is no longer to my benefit that it's there, the only possible benefactor is you by trying to continually sell me something. So, once I've seen it and am forced to continually see it, it starts to feel like you're dong this purely for your own commercial benefit and not for your customer's benefit and that goes against what I want to be Smugmug's premise and I think something you strive for too.

To be honest, I'd probably be bothered less if you were just telling us about the existence of some new time saving feature or new capabilties. But, the way this one comes across, it feels like you're trying to generate more revenue for Smugmug by getting more of us to buy cards. That belongs in ShutterFly and other free services. That doesn't belong in a for-pay service and certainly doesn't fit with your image-to-date.

Wrapped into this same thread is the annoyance of this post-login screen in general. There's just no need for it - ZERO. When I hit the menu item to go to the control panel and it asks me to log in, why does it AGAIN ask me where I want to go. I couldn't have been less ambiguous. I clicked on a menu item to take me to the control panel. So, after I log in, take me to the control panel. Don't ask me AGAIN where I want to go! This is just bad UI design. It used to not be a big deal because I didn't have to log in very often, but now you force us to relogin fairly regularly.

I just hit dismiss or delete and it's gone
I asked our sorcerer (in this case, Baldy) if this is possible :thumb

I feel like Smugmug is now advertising to me. I know my viewers don't see this, but there are a couple things that bug me about this:

http://content.screencast.com/users/jfriend/folders/Jing/media/84140324-d123-4fe5-abe4-4002c5272896/2008-12-06_2142.png

First, I have no interest in cards from Smugmug. I've already received my holiday cards from the same vendor I've been using for the last 5 years. I'm certainly fine with Smugmug offering cards, I just don't need to be reminded about it several times a day.

You know, we agonized and debated about this internally for awhile, too, because we're conflicted. But this came down to a few important items:

- Our customers were hounding us for holiday cards. Which we had, and we'd emailed everyone who'd opted-in to our announcements, and we'd put on their homepages in the 'Quick News' box, and put on our homepage. But they were still asking us to offer them. The instant we put this on the login pages, our support requests evaporated. Now everyone finds out.

- Our customers (including you, I think?) ask us all the time to be better about announcing new features and important changes. The 'Quick News' announcements and emails aren't enough, so we've targeted the login pages as a spot where people just can't miss it. In this specific case, we may have erred on being too promotional, but that's what feedback like this is for. I think you can expect us to continue to announce/remind everyone of, say, the currently most important 4 changes at SmugMug on this page. Today, based on our customer feedback, that's holiday cards. Long term, it's certainly not intended to be advertising-focused but informational-focused.

- I think every employee, myself included, truly feels this is solving a customer pain point ('Why can't I order holiday cards at SmugMug?') at least as much as a profit generating center.

Second, I hate this stupid screen that comes up after I log in. It's just a waste of time. Smugmug knows exactly where I was before I hit log in. Just take me there and don't make me click extra. Especially now, when I have to log in more often for the control panel. And, I work on multiple accounts so I have to log in to switch accounts too.

I hate that page, too, but the browsers force us to do it. I'm sorry about that - but if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to. I'm open to alternate suggestions, but every one we've heard in the last 6 years hasn't panned out. We used to just let them browse SSL pages for a little bit and let them switch on some other click, but we got lots of complaints about speed, so we had to figure something else out.

Third, why are you advertising to me? It feels like SPAM. I paid for my account. I don't want to see your promotional material when I don't want to. I'm fine with occasional notices on the homepage that I can dismiss after I've seen them, but I'm stuck with this every single time I log in. I'm fine with an occasional email announcing something new. But, this is just annoying. It's annoying that I have to go to this screen in the first place after logging in and now it's annoying that I have to see an ad for your cards everytime I go there.

This doesn't seem to be in the spirit of no spam, no advertising. I don't know quite why it bugs me, but it does.

Anyone else with any thoughts on this?

I'm not entirely sure how we can easily separate out those are dying to hear about holiday cards (tens if not hundreds of thousands of our customers) from those who don't (unknown, but I'm not aware of much negative feedback). But I'm all ears. :)

One sad aspect of our current economic crisis is that most, if not all, companies are going to get more promotional simply as a means of staying afloat. We feel the same pressure. Our business is still strong, and growing more strongly than we expected given the dire nature of the market, but we have a responsibility to our customers and employees to keep it that way.

We realize that spam and advertising has a net negative impact on our business, but we're also told many times daily that we're blowing it with customer communication (not enough) and that we're losing business that way. Finding the sweet spot is an interesting exercise, and we're bound to make mistakes. But as you know, we listen and make course corrections.

So thanks for your feedback, as always!

It used to not be a big deal because I didn't have to log in very often, but now you force us to relogin fairly regularly.

I think you're going to have to clarify this, because we still let you stay logged in for an awfully long time. No changes that I can think of force relogin any more often then they have since our inception, and I know personally, I'm not forced to relogin often at all. This may be a bug.

I think you're going to have to clarify this, because we still let you stay logged in for an awfully long time. No changes that I can think of force relogin any more often then they have since our inception, and I know personally, I'm not forced to relogin often at all. This may be a bug.
John's referring to the stuff we do in CP Settings, and also on the Customizing page from control panel. We added the login for security reasons.

Wow -

What a great place to put announcements.

Since you need to have the interstitial page for tech reasons, why not make good use of it?

Please start putting the release notes there too.

You guys that don't care for it, I do respect your opinion, I just disagee.

I think you're going to have to clarify this, because we still let you stay logged in for an awfully long time. No changes that I can think of force relogin any more often then they have since our inception, and I know personally, I'm not forced to relogin often at all. This may be a bug.

About 3-4 months ago some changes were made that force a relogin under some circumstances (which were never explained) when you go to the control panel. At the time there were lots of people asking about it in the forums and it was acknowledged by support personnel as a "security change" that nobody was willing to discuss further.

I also administer three Smugmug accounts and, while I generally try to keep them in separate browsers, I only have decent development tools in Firefox so I have to change logins sometimes for that reason. And, because I help so many customizers here at dgrin, I frequently need to see things in either the logged in state or the not logged in state. Thus, I'm seeing this all the time.

It's trivial to reproduce. Login, go to your site-wide-customization screen. Close all browser windows. Open browser and go to the site-wide-customization screen (I have a bookmark to it). You are forced to login again. If your PC usage regularly closes all browser windows and you use the site-wide-customization screen, you will have to frequently login and deal with the superfluous screen after the login.

My guess was that the site-wide customization screen used to honor the regular login cookie which does persist a long time and now it no longer does, it uses a memory-based cookie that goes away as soon as the browser is closed.

About 3-4 months ago some changes were made that force a relogin under some circumstances (which were never explained) Statements like this are patently unfair and would make a casual reader of this stuff think that we aren't responsive :D

John, there was plenty of conversation about this:

http://www.dgrin.com/showthread.php?t=106455 in this thread where I and bigwebguy explained - you may not have appreciated or liked our answer, but we were responsive to your queries. Maybe if Don has more he wants to add here, that's cool.

I know this one is a pita for customizers who access that page all the time - but our Sorcerers put this security measure in for everyone's protection. I'm really sorry I don't have a better answer for you.
Thanks!

Statements like this are patently unfair and would make a casual reader of this stuff think that we aren't responsive :D

John, there was plenty of conversation about this:

http://www.dgrin.com/showthread.php?t=106455 in this thread where I and bigwebguy explained - you may not have appreciated or liked our answer, but we were responsive to your queries. Maybe if Don has more he wants to add here, that's cool.

I know this one is a pita for customizers who access that page all the time - but our Sorcerers put this security measure in for everyone's protection. I'm really sorry I don't have a better answer for you.
Thanks!

If the logic for when you were forced to relogin was ever explained, I missed it. It sure look to me like you tried to end that discussion with this post (http://www.dgrin.com/showpost.php?p=934725&postcount=13). My takeaway was that you say it's a security thing and you're not explaining it any more than that.

That's why I said the circumstances that trigger the new login were never explained. Sure, there was lots of conversation and even a few people that said they'd "look into things". I just don't recall any information other than "it's a security thing".

FYI, there are still cases of people hitting the "Update" button in the site-wide-customization button, it going to a login screen and then after they login all the customizations they were trying to save are gone. There was a post about this happening to someone just in the last couple days.

I am not trying to turn this thread into an indictment of the extra login. Yes, it's a pain. I was living with it OK. It was OneThumb who raised this issue. I would like for it to be less annoying by getting rid of the useless landing screen after login. And, as I have said enough times, I'm uncomfortable with what feels like advertising in both the password prompt screen and the landing page after it. It feels out of character for Smugmug.

I just don't recall any information other than "it's a security thing".Yup - we are incredibly transparent, John - we tell lots of things out in the open - but some things remain Sorcery secrets! Thanks!

About 3-4 months ago some changes were made that force a relogin under some circumstances (which were never explained) when you go to the control panel. At the time there were lots of people asking about it in the forums and it was acknowledged by support personnel as a "security change" that nobody was willing to discuss further.

I also administer three Smugmug accounts and, while I generally try to keep them in separate browsers, I only have decent development tools in Firefox so I have to change logins sometimes for that reason. And, because I help so many customizers here at dgrin, I frequently need to see things in either the logged in state or the not logged in state. Thus, I'm seeing this all the time.

It's trivial to reproduce. Login, go to your site-wide-customization screen. Close all browser windows. Open browser and go to the site-wide-customization screen (I have a bookmark to it). You are forced to login again. If your PC usage regularly closes all browser windows and you use the site-wide-customization screen, you will have to frequently login and deal with the superfluous screen after the login.

My guess was that the site-wide customization screen used to honor the regular login cookie which does persist a long time and now it no longer does, it uses a memory-based cookie that goes away as soon as the browser is closed.

Oh, if you're talking about Site-wide Customization specifically, I'm afraid there are more security changes coming there that will make life even more difficult. :(

The big problem is that all of the sites that allow customization get bitten by self-propagating JavaScript virii. You're logged in, and you view an infected SmugMug page (either one infected with malicious intent, or one that has been silently infected in the way I'm describing), and the JavaScript on the page POSTs an update to your customization *in the background* without your even knowing it's doing so. Now, future logged in visitors to your SmugMug page will also get infected by you.

Most major social networking sites you can think of have been targeted in this fashion. Some of the virii have spread to infect millions of customers before it was detected. We decided we were going to fight it before it became an issue, and the "verify your login" page you are seeing is one of the two major steps we've taken so far. A 3rd major step is coming, I'm afraid, and it'll require you to enter your email address and password on the customization page itself to update your customization. (Like you now have to do to change your email address or password).

Re-verifying your login info on pages with mission-critical information (credit card, address, passwords, etc) is nothing new - Amazon makes you re-verify on almost any click that has to do with your user settings. We've taken the approach that only super-important pages (password, email, personal info, and customization) require this re-verification, but those pages aren't really open to debate - we need to protect our customers and their private data.

I'm sorry if this is a pain, but we really have no other options. We need to know, absolutely, that it's you before we show personal data or let you update something as potentially damaging as your customization. :(

Oh, if you're talking about Site-wide Customization specifically, I'm afraid there are more security changes coming there that will make life even more difficult. :(

The big problem is that all of the sites that allow customization get bitten by self-propagating JavaScript virii. You're logged in, and you view an infected SmugMug page (either one infected with malicious intent, or one that has been silently infected in the way I'm describing), and the JavaScript on the page POSTs an update to your customization *in the background* without your even knowing it's doing so. Now, future logged in visitors to your SmugMug page will also get infected by you.

Most major social networking sites you can think of have been targeted in this fashion. Some of the virii have spread to infect millions of customers before it was detected. We decided we were going to fight it before it became an issue, and the "verify your login" page you are seeing is one of the two major steps we've taken so far. A 3rd major step is coming, I'm afraid, and it'll require you to enter your email address and password on the customization page itself to update your customization. (Like you now have to do to change your email address or password).

Re-verifying your login info on pages with mission-critical information (credit card, address, passwords, etc) is nothing new - Amazon makes you re-verify on almost any click that has to do with your user settings. We've taken the approach that only super-important pages (password, email, personal info, and customization) require this re-verification, but those pages aren't really open to debate - we need to protect our customers and their private data.

I'm sorry if this is a pain, but we really have no other options. We need to know, absolutely, that it's you before we show personal data or let you update something as potentially damaging as your customization. :(

It at least helps to understand some of the rational behind this. Typing the auth information directly into the customization screen would be better than going through two additional screens like we have now. If you make it so my browser can remember it (while still preserving the security advantage), that would help too.

I do hope you don't ruin iterative javascript development though. If what you are doing will make it a pain to fix a javascript error, run the fix, fix the next error, run it, etc..., then I'd ask for some more thought into the implementation. Even the current situation isn't particular friendly to iterative javascript development and I hope you can solve this problem without making it worse.

Also, if this is going to come up more and more, I really hope you get rid of the post-login screen that makes you do another click. I can't see any reason why it's needed.

Also, if this is going to come up more and more, I really hope you get rid of the post-login screen that makes you do another click. I can't see any reason why it's needed.

Hello John, I'm really sorry we don't have a better, different answer for you about this. Onethumb explained this just above, here's his quote again:


I hate that page, too, but the browsers force us to do it. I'm sorry about that - but if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to. I'm open to alternate suggestions, but every one we've heard in the last 6 years hasn't panned out.

I hate that page, too, but the browsers force us to do it. I'm sorry about that - but if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to. I'm open to alternate suggestions, but every one we've heard in the last 6 years hasn't panned out. We used to just let them browse SSL pages for a little bit and let them switch on some other click, but we got lots of complaints about speed, so we had to figure something else out.
My pain point is when I hit a bookmark to my site customization or hit the site-wide-customization link. At that point you know exactly where I'm trying to go. You pop up the password prompt. I hit OK and then you process it. Why not just take my to my customization in https? No need for the extra page to avoid a warning.

Even the extra page you do have is horrible UI.

It looks like this:
http://content.screencast.com/users/jfriend/folders/Jing/media/799e8052-a5e7-4e50-89de-102a3d6825a7/2008-12-07_1505.png

When I hit this screen, it's offering me four options. None of them is what I want. I want the option for "Take me to where I was trying to go when this password prompt came up". You know exactly where I'm trying to go. Why ask me a confusing question that doesn't even offer an appropriate answer? Do you know how much mental work it takes to figure out what to press. That's why you would never see a prompt screen like this in normal PC software (Mac or PC). They use nicely worded buttons to offer you the choices with a default button highlighted.

One sad aspect of our current economic crisis is that most, if not all, companies are going to get more promotional simply as a means of staying afloat. We feel the same pressure. Our business is still strong, and growing more strongly than we expected given the dire nature of the market, but we have a responsibility to our customers and employees to keep it that way.

We realize that spam and advertising has a net negative impact on our business, but we're also told many times daily that we're blowing it with customer communication (not enough) and that we're losing business that way. Finding the sweet spot is an interesting exercise, and we're bound to make mistakes. But as you know, we listen and make course corrections.

So thanks for your feedback, as always!
This sounds a little ominous like you are considering even more revenue targeted promotional advertising within our Smugmug experience. My fear of that is 50% of the reason I spoke up on this one password prompt issue. I was worried that this could be the tip of the iceberg.

I absolutely hate advertising of all forms. I use some free services and I understand that they are "ad-supported" and I respect that. But, when I pay for a service that promises no ads (it's right in your promotional material), that's what I expect.

I see a distinct difference between information from services I belong to and advertising. It's not hard for me to tell the difference. If I'm subject to the same message over and over and, after seeing it once, it has ZERO further use to me, and it's easy to see how it's a direct revenue generating promotion for you with no further benefit to me once I've seen it, then it's easy to see it as just more annoying advertising which I thought we were free of inside of the Smugmug experience.

Up until now, the Smugmug experience has really been about putting all your energy into optimizing the experience for the customer and your customer's viewers. There are lots of other sites on the internet who's very business model depends upon advertising to their constituents and they are in a constant tradeoff space between best experience for the customer and best experience to drive incremental revenue from each customer (usually at some expense of best experience for the customer).

I sure hope you aren't headed towards the latter at the expense of the former. That's a slippery slope and once you head down that path, there are risks of lots of things starting to change. Some companies have become so focused on getting incremental revenue out of existing customers that they lose focus (as a company) on what they did in the first place to acquire and retain customers. I'm not saying you've gone anywhere close to this far, but your words give me pause to worry about it.

Hello John, I'm really sorry we don't have a better, different answer for you about this. Onethumb explained this just above, here's his quote again: Thanks. I had missed that posting. I've responded to it now.

I hate that page, too, but the browsers force us to do it. I'm sorry about that - but if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to. I'm open to alternate suggestions, but every one we've heard in the last 6 years hasn't panned out.

There appear to be other solutions to this problem. If I go to Yahoo and get totally logged out. Then, click on the mail icon on their home page, it takes me to a login page. I login and hit Submit and it takes me right to email. The login page is https, the email page is http. There's no intermediate landing page and no browser warnings.

Same exact experience with gmail.

..... Which we had, and we'd emailed everyone who'd opted-in to our announcements, and we'd put on their homepages in the 'Quick News' box, and put on our homepage. But they were still asking us to offer them. The instant we put this on the login pages, our support requests evaporated. Now everyone finds out.

- Our customers (including you, I think?) ask us all the time to be better about announcing new features and important changes. The 'Quick News' announcements and emails aren't enough, so we've targeted the login pages as a spot where people just can't miss it.

Did we recieve an e-mail announcing the new cards??? I don't remember now... but I do know by e-mail is my absolute favorite way to recieve any and all anouncements - release notes by e-mail would be so way much sweeter I think but hey... can I have my cake and eat it too? LOL! With e-mail - I see it, read it, can save it, delete it, whatever I want and it's done.
BTW: The logon ad doesn't bother me... seems like it's just added to what I used to see anyways so whatever okay... just keep sending me the e-mails exspecailly asap when the new lab and die-cut wallets are available :thumb I'm dreamin of a sweet, sweet Christmas :lust

Anyone else bothered by this? As a user of SmugMug, I don't find this as advertising, it's information to me.

I just did a quick look at some of the services I use. Several of them had info on their login page. Yahoo, Google, Amazon, Verizon, At&T, DirectTv, MyBank.

I read what I wanted and dimissed the other. The next time I went back, didn't read any of it and it didn't even hurt.

I'm sure if I emailed them to complain, it wouldn't get a responce :D

Did we recieve an e-mail announcing the new cards??? I don't remember now...

Do you have quicknews preferences enabled for mail?

There appear to be other solutions to this problem. If I go to Yahoo and get totally logged out. Then, click on the mail icon on their home page, it takes me to a login page. I login and hit Submit and it takes me right to email. The login page is https, the email page is http. There's no intermediate landing page and no browser warnings.

Same exact experience with gmail.
Seconded. This is ridiculously annoying. I don't care about the ad on the login page so much, but the landing page drives me nuts. I don't think I've seen such a page on the internet in the last 5 years. Just kick me to the page I was trying to go to. Every time I go to login it makes me wonder why I have to deal with this. It takes me back to 1995.

Also, all the extra login requirements are annoying. You have a serious flaw in your design if me being logged in allows javascript on somoene else's page to change my customization. That is really shocking, I thought your system was better designed than that. There has to be a solution that does not involve (too much) extra work on my part. Maybe a captcha sort of thing? Those are bloody annoying, but at least less annoying than having to login each time. Or, have the login url vary by user account (in the same way you have the hash's at the end of the photo so you can't guess the locations), which can be time varying. Then, no random javascript should be able to guess the URL of my customization page. And shouldn't be able to make changes to the content.

-r

The info on the login page doesn't bother me, however I agree with jfriend that after I login, it should just send me to where I was attempting to go, like most other login pages out there.

I always wondered why we had to hit that landing page. My .02

Why not just set the redirect to .00001 sec instead of 10 sec.?

I hate that page, too, but the browsers force us to do it. I'm sorry about that - but if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to. I'm open to alternate suggestions, but every one we've heard in the last 6 years hasn't panned out. We used to just let them browse SSL pages for a little bit and let them switch on some other click, but we got lots of complaints about speed, so we had to figure something else out.

Why not do an AJAX request through an SSL enabled method that verifies login - then redirect from there - no intermediate page...

*or* without the SSL, hash the password to MD5 on the client side, send it to the server as a hash, then compare the MD5 hash on the server side and redirect from there.

:dunno

In one of the classes during my MBA program, we debated an advertising free world. In the end, it just means that we would pay more for any given item than when you have advertising.

In this case, we do pay more. But at least for me, although I clearly recognize that this is a plug for services, it doesn't bother me. When I signed on for smugmug with the expectation of "advertising free", I really only had the expectation of avoiding the ever present sidebar/banner/pop-up Pay-per-Click type advertising. The kind that is randomly targeted, sometimes related to the website visited, etc.

Just like I proudly show my support of various products through their branded logos, I don't mind the wee bit of marketing smugmug is doing in the login. It doesn't feel like a slippery slope to me ...

As always, this is just MY opinion ... :D

And, YES! clicking twice to get where you already indicated you wanted to go, is just lame ... HMM, maybe when we vote, they should ask us twice, just to be sure ...

I don't like the ads and extra landing page either. I agree it's a good place for announcements but this is a bit too spammy.

Speaking of the log-in page, why do we have to uncheck to stay logged-in? This is backward to every other site on the planet. I once said SM seem to go out of their way to make things complicated and this is a perfect example.

`

Wow.....what a bunch of winers....like Andy said...."you damed if you do, your damed if you don't. Does not bother me at all!!!!!!!!!!!!!!

Wow.....what a bunch of winers....like Andy said...."you damed if you do, your damed if you don't. Does not bother me at all!!!!!!!!!!!!!!
:lol3 well, we do love the feedback from all folks :D We usually release, and release often - I wouldn't be suprised to see some refinements here, based on feedback on all of this! :deal

Speaking of the log-in page, why do we have to uncheck to stay logged-in? This is backward to every other site on the planet. I once said SM seem to go out of their way to make things complicated and this is a perfect example.

Unlike every other site on the planet, I don't have to check/uncheck *anything* to stay logged in at SmugMug. Since this is the 99% use case (people want to stay logged in), this makes a *lot* more sense than the rest of the sites on the planet.

So we're keeping it. :)

Unlike every other site on the planet, I don't have to check/uncheck *anything* to stay logged in at SmugMug. Since this is the 99% use case (people want to stay logged in), this makes a *lot* more sense than the rest of the sites on the planet.

So we're keeping it. :)

I agree. It's nice that staying loggedIn is the default behavior.

Unlike every other site on the planet, I don't have to check/uncheck *anything* to stay logged in at SmugMug. Since this is the 99% use case (people want to stay logged in), this makes a *lot* more sense than the rest of the sites on the planet.

So we're keeping it. :)

Staying logged in has never been a problem on other sites. I check it once and stay logged in for months. In fact, I have to log in more often at SM than anywhere else. The current situation here is confusing and risky when login in on a public computer because you have to remember to check it.

I think security is more important than a 1 second inconvenience.

My pain point is when I hit a bookmark to my site customization or hit the site-wide-customization link. At that point you know exactly where I'm trying to go. You pop up the password prompt. I hit OK and then you process it. Why not just take my to my customization in https? No need for the extra page to avoid a warning.

Even the extra page you do have is horrible UI.

It looks like this:
http://content.screencast.com/users/jfriend/folders/Jing/media/799e8052-a5e7-4e50-89de-102a3d6825a7/2008-12-07_1505.png

When I hit this screen, it's offering me four options. None of them is what I want. I want the option for "Take me to where I was trying to go when this password prompt came up". You know exactly where I'm trying to go. Why ask me a confusing question that doesn't even offer an appropriate answer? Do you know how much mental work it takes to figure out what to press. That's why you would never see a prompt screen like this in normal PC software (Mac or PC). They use nicely worded buttons to offer you the choices with a default button highlighted.


Unless we have a bug, the very first link, the one that says "the page you were viewing" is the "take me to where I was trying to go when this password prompt came up" link you're asking for. I've just tried a handfull of actions that required a login, every one of them that link, which is also the link you will be auto redirected to eventually, is the link I was trying to get to. If you know of a case that DOESN'T do that, please post it in the bug thread, as it is a bug.

Unless we have a bug, the very first link, the one that says "the page you were viewing" is the "take me to where I was trying to go when this password prompt came up" link you're asking for.
You're right, the first link takes you back to where you were when you requested the login. What we are all requesting is that you take us directly to that page.

For example, I'm trying to enter my site-wide customization. You request a password. That's fine. After I enter that password, please take me to the screen I was requesting when the password screen first came up. Why do you need to ask me where I want to go? I already told you that by clicking on site-wide customization.

--- Denise

The "advertising" so far doesn't bother me. I would be VERY concerned if this started showing up on my pages when others are viewing my photos. That would be a No-No.

As for the Log-in page, I agree with the majority here..it is a PAIN...and I don't log in everyday.

I do appreciate the Who's Who of Smugmug responding here and other places and actually hearing us out. That is very RARE indeed in this world. So Thank You.

The "advertising" so far doesn't bother me. I would be VERY concerned if this started showing up on my pages when others are viewing my photos. That would be a No-No.

We won't ever do this :deal

At least add a few breaks so the ads/news are not squezzed up against the links.
Too much too close together.

btw, I have NEVER gone to another page other then the one I was on. I've
requested in the past that a second link be added for the control panel or
customize page. Can not think of one reason why the "or return to
homepage" is needed, rather have go to control panel. Even better would be
the "go to control panel" would open in another tab.

i need these announcements...otherwise it would be many moons before i caught up with whats new and now offered...

now all i need is Photoshop tips of the day, and i would be even more happy.....

I just ordered a box of 50 cards from SM,
My wife was on her way to ordering them somewhere else when I remembered the "ad"
at it's current state it does not bother me but I could see it getting out of hand.

You're right, the first link takes you back to where you were when you requested the login. What we are all requesting is that you take us directly to that page.

For example, I'm trying to enter my site-wide customization. You request a password. That's fine. After I enter that password, please take me to the screen I was requesting when the password screen first came up. Why do you need to ask me where I want to go? I already told you that by clicking on site-wide customization.

--- Denise

Ok, now you've confused me. :scratch


I'm sitting in my control panel, on the setting tab.
I click the site wide customizations link.
The site wide customizations page starts loading (note the url bar changes)
I get redirected immediately to a login page. (the one with the new features pimpage everyone is up in arms about here)
I log in.
now I'm looking at the stupid interstictial page that Don says browsers require us to have... it has 4 links, the very first of them is "the page you were viewing"... this same link is set as the auto refresh url.
I click that first link.
I'm on the site wide customization page.


Have folks perhaps not tried that link and are just assuming that when it says "the page you were viewing" it means the previous page (settings tab in control panel in this example)? I'd really like to hope that's not what's going on here....... :dunno

Ok, now you've confused me. :scratch

I'm sitting in my control panel, on the setting tab.
I click the site wide customizations link.
The site wide customizations page starts loading (note the url bar changes)
I get redirected immediately to a login page. (the one with the new features pimpage everyone is up in arms about here)
I log in.
now I'm looking at the stupid interstictial page that Don says browsers require us to have... it has 4 links, the very first of them is "the page you were viewing"... this same link is set as the auto refresh url.
I click that first link.
I'm on the site wide customization page.
Have folks perhaps not tried that link and are just assuming that when it says "the page you were viewing" it means the previous page (settings tab in control panel in this example)? I'd really like to hope that's not what's going on here.......
I see the link. I've used the link. The problem is, I already told you where I want to go. And I really don't want to click again to tell you the same thing I already told you. (OK, I know, it's only one click. But it is annoying.)

I click on site customization
I am prompted for my passwod. I log in.
I see the same page that you see. And that's the page I don't want to see. I want to be taken directly to my customization page.I saw Don's note about the interstitial page. That's the page I don't like. I'm having a hard time understanding why smug is using this page and other sites simply take me to the page I said I wanted to go to before the logon popped up. I already told you where I want to go. As far as the browser warning pop-up when going from https to http - isn't there a browser setting to stop the pop-ups?

I just logged on to another site. I was on an http page, clicked "my" which took me to an https login page. I logged in and was taken immediately to the "my" page, again an http page. No warning. No intermediate page.

But - onethumb said this if we go from an SSL page to a non-SSL page without an interstitial, the browsers pop up security warnings that our customers are allergic to.Thing is, from the login screen to the customization screen is SSL to SSL, isn't it? Both are https: pages. Am I missing something here?

Yup, you're right. I guess I'm just going to have to accept that annoying extra click.

--- Denise

Something that's been touched on by a few people here but not commented on by SM is the length of time before auto-redirect. For all I can tell you could be lying about there being an auto redirect to the page initially selected because who the H-E-double-hockey-sticks can wait ten freakin' seconds for the page to switch? Why even bother with it? I can't recall ever sitting at an interstitial page (and, yes, I know there are many of them out there) for more than about three seconds.

You know, just to be sure I wasn't imagining that there was an auto-redirect I just sat at that screen for 23 seconds. 23. And those were long seconds. I may have even stopped a few times to express my incredulity.

For all I can tell you could be lying
Why would we ever lie?

I'll weigh in on this as another voice heard.

I don't mind this, it's not seen by visitors, and I'd rather see it here than in a separate email...and finally I understand the realities of business and regardless of what we may feel about advertising in general, most businesses depend on some sort of marketing to stay afloat.

My only suggestion would be that it's a little less 'in your face', but I don't mind it existing on the login page.
--Jim

I want to agree completely with this post--we are paying to have a service and should have the option to decide what is shown and what is not. If someone is OK with being advertised to then let them--but for those of us who are not, we deserve an opt-out. not only does it feel like "we need money" it feels very similar to all of the FREE accounts that we all despise.

Please give your paying customers the option NOT to see your advertisements.

I feel like Smugmug is now advertising to me. I know my viewers don't see this, but there are a couple things that bug me about this:

http://content.screencast.com/users/jfriend/folders/Jing/media/84140324-d123-4fe5-abe4-4002c5272896/2008-12-06_2142.png

First, I have no interest in cards from Smugmug. I've already received my holiday cards from the same vendor I've been using for the last 5 years. I'm certainly fine with Smugmug offering cards, I just don't need to be reminded about it several times a day.

Second, I hate this stupid screen that comes up after I log in. It's just a waste of time. Smugmug knows exactly where I was before I hit log in. Just take me there and don't make me click extra. Especially now, when I have to log in more often for the control panel. And, I work on multiple accounts so I have to log in to switch accounts too.

Third, why are you advertising to me? It feels like SPAM. I paid for my account. I don't want to see your promotional material when I don't want to. I'm fine with occasional notices on the homepage that I can dismiss after I've seen them, but I'm stuck with this every single time I log in. I'm fine with an occasional email announcing something new. But, this is just annoying. It's annoying that I have to go to this screen in the first place after logging in and now it's annoying that I have to see an ad for your cards everytime I go there.

This doesn't seem to be in the spirit of no spam, no advertising. I don't know quite why it bugs me, but it does.

Anyone else with any thoughts on this?

I want to agree completely with this post--we are paying to have a service and should have the option to decide what is shown and what is not. If someone is OK with being advertised to then let them--but for those of us who are not, we deserve an opt-out. not only does it feel like "we need money" it feels very similar to all of the FREE accounts that we all despise.

Please give your paying customers the option NOT to see your advertisements.Thanks for your mails at the desk, and I'm glad you posted here, too!

:wave welcome to Dgrin!

Why would we ever lie?

I was being glib... and I'm guess I should assume you knew that and were being glib, too?

I just went to my smugmug account because its time to renew and I need to update my CC. I go to my homepage, and click the link in it that sends me to "update [my] details in [my] account settings." I then get hit with a login window. I log in, and it goes to this landing page and just sits there. And sits there. (Still sitting there as a type this.) Why does this not take me directly to the page I asked to go to? The login page is a secure page, the account page is a secure page. Just take me there, don't make me click extra.

This "ad version" of the landing page didn't even give me a time that it would sit there. So, instead, logging in takes me to a page with a link to my homepage (the page i was viewing I was when I tried to log in), a link to my homepage, or not one, but TWO links to buy cards. None of these links imply that they go to the page I tried to get to, namely the one that lets me pay you money! Arg.

-r

This doesn't bother me in the least, it is so trivial.

We must all be running out of things to complain about :D

Did I just see a new log in screen?:D

... and a remember me check box. :barb

Did I just see a new log in screen?:D

... and a remember me check box. :barb

I see a new one. With no interstitial page any more in the few ways that I tried it so it just takes you to where you were trying to go! And the promotional material looks much more like announcements than banner ads. Much, much improved.

That was quick! Well done Smugmug. :D

I see a new one. With no interstitial page any more in the few ways that I tried it so it just takes you to where you were trying to go! And the promotional material looks much more like announcements than banner ads. Much, much improved.Yeah, we're trying to find a reasonable compromise so we can solve the #1 complaint about SmugMug (that we don't keep people informed about new developments) without offending too many eyes.

Yeah, we're trying to find a reasonable compromise so we can solve the #1 complaint about SmugMug (that we don't keep people informed about new developments) without offending too many eyes. The new one works for me! Thanks for the quick response.

Well guys you work so hard to keep your customers happy, I hope you have a restful weekend with your families.
Caroline

Hey everyone - login and logout.

Thanks for pushing the issues :D

:jfriend

That was quick! Well done Smugmug. :D
:D Thanks!

Hey everyone - login and logout.

Thanks for pushing the issues :D

:jfriend

Awesome job, makes me glad I renewed.

-r

Awesome. Great response guys!

Thank you! This change is very much appreciated.

--- Denise

Staying logged in has never been a problem on other sites. I check it once and stay logged in for months. In fact, I have to log in more often at SM than anywhere else. The current situation here is confusing and risky when login in on a public computer because you have to remember to check it.

I think security is more important than a 1 second inconvenience.

I am almost afraid to chime in here.....but I have not been logged out of SM in a very long time......talking months on my side here........so am I the exception to the being logged out thingy here......I mean if I close the tab to my site and then close the browser and reopen tomorrow and the clik my link inthe addy bar it is still open and signed in.............of course if I sign out then yes I must relog in......but dang I am logging in to yahoo at least every 2 weeks, ebay every 24 hrs, amazon every few hours.....SM is the only one I do not have to re-log on to when I visit my own site..........


just my own thoughts

.......SM is the only one I do not have to re-log on to when I visit my own site..........


just my own thoughts
This is how Smug seems to work.
If you close your browser logged in and reopen you'll be logged in but will have
to log in again going to any secure page.

This is how Smug seems to work.
If you close your browser logged in and reopen you'll be logged in but will have
to log in again going to any secure page.

I stay logged in for weeks on end, never need to log in again no matter what page I go to, secure or not.

I stay logged in for weeks on end, never need to log in again no matter what page I go to, secure or not. That is true as long as you never fully shut-down your browser. Close all instances of your browser and then you will be reprompted to login next time you go to your site-wide-customization page.

You are correct. Never seen that page before :huh

However...I just did this and end up on a blank black page after logging in again:scratch

I need to refresh and then FF asks me if I want to allow this page to be viewed...this never happened before...oh well, at least we don't need to see those pesky ads.