We’re now running the Beta 4 version of MovableType 3.0 here and things are going pretty well. The current method of handling TypeKey authentication works like a charm and for the first time the login process and display of the forms here at SEB works exactly as it should. Or rather it does if you’re using Mozilla/FireFox.
Under Internet Explorer 6 there’s still two outstanding issues with TypeKey, neither of which is really the fault of Six Apart, but I imagine they’ll try to address them just the same. One I don’t know if they’ll be able to work around or not, the other one is a definite maybe. The first issue is an annoyance at worst and it involves the warning IE gives you after signing into your TypeKey account about leaving a secure page for an insecure one. This is a security feature in IE and I don’t know if you can program around it.
The other issue again has to do with how cookies are handled. By default IE 6 blocks attempts to create cookies from a domain other than the one the browser is currently displaying and TypeKey gets around the earlier problem with cookies by creating them based on where you installed MT. Here at SEB that means the cookies are created by jenkinsonline.net (where I have MT installed) which is obviously different from stupidevilbastard.com and IE 6 don’t like that. If you have your blog setup on a different domain than where you installed MT and it’s set to only allow TypeKey authenticated comments then this means your blog will never recognize that someone has signed in if they’re using IE 6 and they won’t be able to comment. Here on SEB we’re set to allow both types of comments so things still work even with cookie blocking, but the sign in acts like it didn’t work and the wrong form displays. If you click on the little evil eye at the bottom of the browser and tell IE 6 to allow cookies from jenkinsonline.net then suddenly you’ll find the TypeKey login on our comments pages is working like it should and the proper form is displayed after login. If you use IE 6 here you can try this for yourself and see how it works. This is a problem that SA will likely work hard to resolve as it’ll be an endless source of headaches for them. Telling your visitors they have to change the configuration for blocking cookies isn’t going to go over well.
By comparison, using FireFox with the current solution is a dream come true. Not only does it not have a problem with the redirect to an insecure page or with cookies from a domain other than the one displayed, but when you get to the TypeKey login form it automatically puts in the user ID and password you last used on it allowing you to just hit enter and return to the comment form. Just one more reason to give up on IE in my mind.
There are two other minor nitpicks I have with the current TypeKey solution, but both are things I can live with. The first is it would be nice if the redirect would take users back to the comments section of the page instead of to the top of the page forcing you to scroll down. The other is it would be nice if the cookie for login lasted for longer than just the current browser session. You only have to sign in once at a blog to comment, but if you close your browser and launch it again you have to sign in again. I imagine there’s a good reason to limit it to the current session, but I’d prefer if it would last for weeks at a time instead.