?

Log in

No account? Create an account

Previous Web | Next Web

Baaaad Apple!

Hmmm..... I just ran into something a bit odd while I was faffing about adding Apple IDs to my KeePass store.

A Long Time Ago, In A Student Flat, Somewhere Down South......

Yeah; at some point, way back when, I ended up with two Apple IDs... not that they were necessarily Apple IDs back then; I *think* I had an account I used for accessing Developer-y type stuff, which I then forgot about, and later I signed up a different email address for my iTunes account.... and maybe at some point I *think* I remember Apple converted the Developer site logins into Apple IDs.... or something like that. I also, at some point, gained access to the Developer-y site using the originally-iTunes-only account.

Anyway; yes, two Apple IDs, which I've now transferred out of Firefox password management and into KeePass.

So far, nothing odd.

But then I managed to do something that I didn't expect I would be able to.... and which I did completely by accident..... I clicked on the "Account Settings" link on developer.apple.com, where I was logged in with the originally-Developer-y account.... and got sent to the Account Settings page on appleid.apple.com for the originally-iTunes-only account....

Now; I did work out that this was because I had signed in to appleid.apple.com using the iTunes-y account then logged in to idmsa.apple.com (the login portal for developer.apple.com), and so had managed to get into a situation where I had two tabs running on two different Apple ID sites using two different Apple IDs....

It just struck me as rather.... just *bad*, I guess, that whatever token Apple use to say "you're logged in" doesn't provide some sort of additional validation that you're logged in with the correct Apple ID before it gives you access to an Apple ID's Account Settings.....

And I was starting to wonder if I was just being reactionary because it was weird and unexpected behaviour, and that its actually to the point of not even really being sure that its a big deal....

To be honest, it probably *isn't* a big deal... afterall, to have access to areas that are of restricted access, I have to have left the Apple ID logged in... which means that even with*out* going though the idmsa portal, I can just go to appleid.apple.com/account/manage and I'm in the self same position...

It just feels really... *off*.

Maybe its because Microsoft's "Passport"... or whatever they call their Single-Sign-On these days... ("Live ID" perhaps...?) is just that; you can sign in to a single ID in a particular Firefox instance... if you want to access a different ID's email (for example), you have to go to another browser, start a new Firefox instance with a different Profile, or (my preferred option) open a Private Browsing window..... so maybe I'm just expecting a bit too much and its perfectly reasonable for a login through idsma.apple.com to NOT clash or clobber a previously-logged-in ID made through appleid.apple.com...?