Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

maintaining state without a cookie

I am trying to figure the workings of an IPB forum.

If I tick remember me, then I will remain logged in even if I close the browser and reopen it.

I am trying to workout how this is possible, as the only cookies that are set by the server expire at the end of the session, i.e. when I close my browser. So how does the server no how to resume the session, without using cookies?

edit: The session id cookie is set to expire at the end of the session, and I have my browser set to delete cookies at the end of the session.

This means when I close my browser(the session ends), the cookie should be deleted.

During the time my browser is closed, if I open up the same site in a different browser, surely the session should be resumed? This does not happen however.

Instead, if I open up my original browser, the session resumes.

The only other cookie set is a cookie called pass_hash, which expires as soon as it is created, and is sent by the server everytime a page is loaded. SO it would not be being used for authentication.

like image 363
Joshxtothe4 Avatar asked Aug 03 '09 01:08

Joshxtothe4


2 Answers

A sneaky alternative to cookies is the last-modified timestamp in an image or other object. The server can give you an image setting the timestamp to a value that identifies your session. When you load another page the browser sends an if-modified-since timestamp and gives you away.

like image 185
Kristoffon Avatar answered Sep 29 '22 07:09

Kristoffon


Use browser localStorage object. Example:

localStorage.setItem("lastname", "Smith");
var name = localStorage.getItem("lastname");
like image 27
Nikita Koksharov Avatar answered Sep 29 '22 07:09

Nikita Koksharov