According to the docs , Meteor doesn't use session cookies.
However, what's the meteor_login_token
cookie used for then? It looks to me like a session cookie, created after the user successfully signs in, and passed then to every request made to the server.
Session and Cookie are not a same. A session is used to store the information from the web pages. Normally web pages don't have any memories to store these information.
Sessions are more secured compared to cookies, as they save data in encrypted form. Cookies are not secure, as data is stored in a text file, and if any unauthorized user gets access to our system, he can temper the data.
Cookies are client-side files on a local computer that hold user information. Sessions are server-side files that contain user data. Cookies end on the lifetime set by the user. When the user quits the browser or logs out of the programmed, the session is over.
An example of a session cookie is a shopping cart on most e-commerce or online shopping websites. It stores the products the user has added to their cart. So when the user opens a new page, the products remain in the cart. Without session cookies, a user wouldn't be able to add multiple items to their cart.
Meteor definitely doesn't use cookies.
Do you have any additional packages with your app that could add this cookie? For example, fast-render has the ability to get data related to a user by sending the same login token using cookies.
If we take a look at their code, they indeed have a function setting a cookie named meteor_login_token
.
function setToken(loginToken, expires) {
Cookie.set('meteor_login_token', loginToken, {
path: '/',
expires: expires
});
}
This behavior is described in the security part of their readme.
If you're not using fast-render, you should definitely check any additional packages you may have that could add an additional cookie.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With