I posted this issue in a very old thread from 2008 recently (http://www.delicious…..ment-form/). Maybe not the best place, so I will refrase and repost.

When using cforms as a commentform, a cookie is set to store name and emailadress for the users convenience, so that – upon posting a new comment – he/she won't have to fill in these data again. That is convenient, but also – in my humble opinion – a security issue. What if someone writes a comment on a public or otherwise shared computer. No one will delete cookies after having written a comment (if only they knew), so any next user may write whatever under the previous user's data. Without wanting to start a discussion, the users convenience is of very relative value here as every browser makes suggestions upon typing the first character in the field. So even Nebukadnezar should have little trouble filling in his name for the second time.

I find cforms a better option for a commentsform, but this is an issue. I have two questions:

1. Oliver, could you please in the next version make the cookie an option which can be turned on or off

2. In the current form I am hesitant to use this form. What would be the best way to currently disable the cookie (either read or setting), in a way that it won't break with a next release of cforms?

I would really appreciate a response.

Thanks,

John Mulder