
How do websites keep you logged in

Quick question: When you log in to your account on a website, what does it do to keep you logged in so you don't log in again and again when you visit another page?

user7339340 asked Dec 25 '16 09:12


2 Answers

Cookies and sessions are some of the traditional ways that authentication details are stored in the browser. However, with these approaches the server has to keep track of logged-in users and their cookies in order to validate them. So there is some server-side work in managing logged-in users.
However, there's a new approach known as JSON Web Token, aka JWT. Here the server generates a user-specific token and sends it to the browser client at login. The browser stores this token in HTML5 Local Storage or Session Storage and sends this token with every request!
So on every refresh, browser code can check for the availability of this token in Local Storage or Session Storage. The advantage of this approach is that the server doesn't have to keep track of issued tokens and is able to extract data from the token if needed.
JWT is widely used for authenticating web applications developed using advanced JavaScript frameworks: AngularJS or ReactJS (with supporting libraries).

udarabibile answered Oct 13 '22 17:10
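An added example, not part of either answer: the two mechanisms described above (a server-side session keyed by an opaque cookie value, and a self-contained HS256-signed JWT) side by side in Python. The names `SECRET`, `SESSIONS` and all function names are illustrative assumptions, and the JWT routines are hand-written with the standard library for demonstration rather than taken from any JWT library.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed server-side signing key
SESSIONS = {}                      # server-side session store (in memory for the demo)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# --- Approach 1: session cookie, state lives on the server ---
def session_login(user: str) -> str:
    sid = secrets.token_urlsafe(32)      # opaque random ID, sent to the browser as a cookie
    SESSIONS[sid] = {"user": user, "exp": time.time() + 3600}
    return sid

def session_user(sid: str):
    entry = SESSIONS.get(sid)            # every request costs a server-side lookup
    if entry is None or entry["exp"] < time.time():
        return None
    return entry["user"]

def session_logout(sid: str) -> None:
    SESSIONS.pop(sid, None)              # revocation is a simple delete

# --- Approach 2: JWT (HS256), state lives in the token ---
def jwt_issue(user: str, ttl: int = 3600) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def jwt_user(token: str):
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None                  # tampered, or signed with another key
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None                  # accept only the algorithm we issue
        claims = json.loads(b64url_decode(payload))
    except (ValueError, TypeError):
        return None                      # malformed token
    if claims.get("exp", 0) < time.time():
        return None                      # expired
    return claims.get("sub")
```

The session can be revoked by deleting its entry, while the JWT needs no lookup at all but stays valid until its `exp` unless the server adds revocation state of its own.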


Browsers will keep you logged in by using some sort of browser storage (for example cookies or localStorage or...). This data is called session data.

HTML pages are stateless; that means when you refresh a page, all data that came from the server previously is removed and has to be requested again.

Now, to request a protected page, there has to be a way to tell the server that you are the user that logged in a few minutes ago! This is done by storing some encrypted data in the browser, usually in cookies.

Browsers are designed in a way that they automatically send all of a specific page's cookies to the server when the page is opened. The server has the exact encrypted data in files or a database and compares it with the browser's data. If they match, the server will allow protected content to be viewed by the user, so it will send the requested content as the response.

You can simply test this by clearing your browser cache after login and then refreshing; you will see that you are logged out and not allowed to see the protected page.

Ahmad Mobaraki answered Oct 13 '22 17:10