posted 15 years ago
No (or not with the standard Realms, anyway), and I meditated on that for a long time when I first realized that.
However, there's a good reason to force login after registration. Two of them, actually, although I suspect there's more if one has to do with especially evil-minded hackers.
1. Forcing an explicit login ensures that the user entered the correct credentials. Otherwise you'd create an account, do your thing and come back in a week or 2 (YMMV) and not be able to login again because you'd botched something and didn't know about it. If you get an immediate usage of the login, you're more likely to be in a position to correct it, especially if you were already in contact with a support person.
2. By forcing an immediate login, the system helps cement the new credentials into the user's head. Memory reinforcement by repetition. Your desktop support people will probably be grateful, and speaking as a user, I've decided that it's actually kind of helpful, since I do frequently end up cooking up IDs and passwords off the top of my head.
In other words, it may be more inconvenient, but it's likely to reduce support issues. And it's not a lot inconvenient, when all's said and done.
Incidentally, in container-managed security, you don't "send" a user to a login page. Container-managed security secures application pages. If a page requires an authenticated user, it will front that page with a login demand. If the page doesn't require an authenticated user, it won't.
This is where a lot of the DIY systems fail. They assume that the only way a user will get to a page is via the approved route.
Experience keeps a dear School, but Fools will learn in no other.
---
Benjamin Franklin - Postal official and Weather observer
