The Keep Me Signed In feature is very useful and friendly, especially when users go to your website at home pc. It's all about trust with a little risk, and usually implemented using encrypted cookie.<p>Say when one user has turn this sign on in his account on one PC, somehow there is a second user also want to turn it on. Which way do you prefer to go?<p><pre><code> 1. Do you allow the second user to have his own cookie? How?
2. Simply reject the second user?
3. Simply turn off the first user's automatic login since the PC is shared?
</code></pre>
If the second user opens the browser, he may be already automatically signed in the first user's account.<p>One possible condition is: both of accounts are belong to the same user, and he would like to use the second one as default auto-login, but does not want to turn it off from the first account. This scenario is rare, but inclined to choose the 3rd way.<p>How do you think?