I am trying to figure the workings of an IPB forum.
If I tick remember me, then I will remain logged in even if I close the browser and reopen it.
I am trying to workout how this is possible, as the only cookies that are set by the server expire at the end of the session, i.e. when I close my browser. So how does the server no how to resume the session, without using cookies?
edit: The session id cookie is set to expire at the end of the session, and I have my browser set to delete cookies at the end of the session.
This means when I close my browser(the session ends), the cookie should be deleted.
During the time my browser is closed, if I open up the same site in a different browser, surely the session should be resumed? This does not happen however.
Instead, if I open up my original browser, the session resumes.
The only other cookie set is a cookie called pass_hash, which expires as soon as it is created, and is sent by the server everytime a page is loaded. SO it would not be being used for authentication.
A sneaky alternative to cookies is the last-modified timestamp in an image or other object. The server can give you an image setting the timestamp to a value that identifies your session. When you load another page the browser sends an if-modified-since timestamp and gives you away.
Use browser localStorage object. Example:
localStorage.setItem("lastname", "Smith");
var name = localStorage.getItem("lastname");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With