I was considering building an auto-login feature for an extension I'm working on, where a customer who clicks a link in an email will be automatically logged in to their account.
This would be really helpful, especially when sending to older customers, because there's a high chance they would need to hit the forgot password in order to get logged in and make a purchase.
But on the other hand, it would open up some vulnerabilities that I'm not too excited about. If a customer forwards the email to their friend and their friend clicks the links, they'll also be logged in as their friend.
Granted, you could try to educate your customers to not forward those emails, but that might be an uphill battle. The idea that forwarding a marketing email to a friend would allow them to log in to your account unauthorized is not something people will get used to quickly.
Thoughts?
UPDATE: Just noticed that Quora does an autologin from its comment notification emails.
Best Answer