Or how to get what you want without cutting code...

I have a Drupal 5-based website for use by my extended family and friends to keep up with my own family while we are overseas. Most of them are far from being sophisticated web users, and seem to be having a challenging time remembering how to log into my site. So what I needed was a way to get them onto the site once and then persist their sessions for a period of time.

The latter half of that equation is not too hard. There are several methods, including a couple of modules, available to do it. The best choice in my view is Barry Jaspan's excellent persistent_login module.

Getting them to the site and logged in without trouble was a bigger challenge, especially since I'm 5000 miles and 8 timezones away from them. What I imagined would be perfect would be a URL I could email them which would log them in and would not be a one-time use only URL, such as the core password reset feature provides.

But what if I used the two features together? Would persistent_login continue to work even if the initial login was from a one-time URL? Would the user be forced to change his password? Why not try it and see?

Eureka, as they say. It worked fine. The first authentication was done by the one-time URL and the subsequent authentications were handled by the persistent_login. A stroke of luck, I'd say, since it's certainly conceivable that Barry could have written his module to stay out of the way when such a URL was used.

Now all I needed was an easy way to send such URLs to all my users via email. No problem -- the one-time login links module to the rescue.

I worry a bit about someone using the URL at another computer than where they will most often want to visit the site, e.g. work or coffee shop, but amongst my users, that shouldn't be much of a problem.

This trick does decrease the security of my site, but since the only reason I even have user accounts is because I want to retain some privacy for my family, it's not too critical.