By any standards The Punch Newspapers is a favourite of most Nigerians because it offers deep insight and objectivity in its publications hence I have been addicted to the Website to get the juiciest news. So it came to me as a shocker when a few months ago they decided that access to the hitherto free full News reports on the Website would be possible only on subscription.
Naturally I tuned off and went searching for some other free Online Newspapers to fuel my addiction to News. What I found lacked the rich content I had become accustomed to, so I swung back occasionally hoping that the Punch Business Managers would come back to reality(people ain’t gonna pay) and keep the market they are losing. Did they disappoint? I guess they didn’t, albeit in a queer way.
I had made an interesting discovery that at seemingly random clicks on links to News stories I would be able to read the full stories without paying a dime because the Login Page doesn’t come up. Instead the name and account expiration date of some registered user appears on the Web Page and I get to savour all the news story. If you clicked again you might get to see the Login Page and if you clicked again it went away.
I wondered if this was a twisted gimmick by the Newspaper but apparently it looks like a big security flaw in the Web Application which goes to promote lack of consumer confidence in E-Commerce Solutions in Nigeria. I mean why I should pay, when some other dude gets to read it for free and my identity cannot be protected. A Newspaper as big as Punch should know better than give their job to quacks to handle.
Appropriate and secure handling of user sessions is fundamental in Web Application Design; let’s always adopt the best practices. Phew!