Saving cookie-free state

I am trying to understand the operation of the IPB forum.

If I write, remember me, then I remain in the system, even if I close the browser and close it again.

I am trying to figure out how this is possible, since only cookies set by the server expire at the end of the session, i.e. when I close the browser. So how can a server not resume a session without using cookies?

edit: cookie id session id expires at the end of the session, and I have my browser installed to delete cookies at the end of the session.

This means that when I close the browser (end the session), the cookie must be deleted.

During the closing of my browser, if I open the same site in a different browser, do I need to resume the session? However, this does not happen.

Instead, if I open my original browser, the session will resume.

The only other cookie set is a cookie called pass_hash, which expires as soon as it is created and is sent by the server each time the page loads. So it will not be used for authentication.

+4
6 answers

An alternative to cookies is an outdated timestamp in an image or other object. The server can provide you with a timestamp image, a value that identifies your session. When you load another page, the browser sends an if-modified-since timestamp and gives it to you.

+3

Use the localStorage object. Example:

    localStorage.setItem("lastname", "Smith");
    var name = localStorage.getItem("lastname");

+2

Cookies are usually saved after closing the browser. If you use PHP, check set_cookie, or if you use sessions, check session.

    // Set cookie
    setcookie($name, $value, $expire);
    // $expire is the time, in seconds since the Unix Epoch (see time()), until which it stays alive

    // Session
    session_set_cookie_params($lifetime);
    // $lifetime is the number of seconds it will stay alive

+1
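
Whether a cookie survives a browser restart, the point this answer and the question turn on, can be read straight from the Set-Cookie response headers. The following is an added example, not part of the answer and not IPB's code: it classifies each header by the RFC 6265 rules (Max-Age takes precedence over Expires). The cookie attributes and values in the sample headers are constructed and do not show what IPB actually sends.

```javascript
// Classify a Set-Cookie header value as "session", "persistent" or "deleted".
function classifySetCookie(header, now = new Date()) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("missing cookie name: " + header);
  const result = { name: pair.slice(0, eq), kind: "session", expires: null };

  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) {
      expires = new Date(Date.parse(val));
    }
  }

  if (maxAge !== null) {
    // Max-Age wins over Expires when both are present.
    result.expires = new Date(now.getTime() + maxAge * 1000);
  } else if (expires !== null) {
    result.expires = expires;
  } else {
    // No expiry attribute: the browser drops the cookie when its session ends.
    return result;
  }
  // An expiry at or before "now" tells the browser to delete the cookie.
  result.kind = result.expires <= now ? "deleted" : "persistent";
  return result;
}

// Constructed sample headers (names partly taken from the question, values invented).
const sampleNow = new Date("2024-06-01T00:00:00Z");
const sampleHeaders = [
  "session_id=abc123; path=/; HttpOnly",
  "member_id=42; Expires=Sun, 01 Jun 2025 00:00:00 GMT; path=/",
  "pass_hash=0123abcd; Max-Age=31536000; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly",
  "old_cookie=x; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
];
for (const h of sampleHeaders) {
  const c = classifySetCookie(h, sampleNow);
  console.log(c.name, c.kind, c.expires ? c.expires.toISOString() : "(end of browser session)");
}
```

The third sample shows why reading only the Expires attribute can mislead: the date is in 1970, but Max-Age makes the cookie persistent for a year.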

Session information is not necessarily destroyed when the browser window is closed. For example, in PHP you can save session information in a database, and you can save it after closing the browser and ending the initial session.

Another way I can think of is to set a flag in the Users table, indicating that the user is still logged in. Perhaps the table has a field called logged_in, and you can set it to true. After some time [i.e. you do not return] it will reset back to false.

+1

There are several places to hide session information other than cookies.

session key in the URL (http://example.com/app/234348738790/main)

session key as a GET variable (?sess=257892345)

session key as a POST variable (input type='hidden')

save it to local storage in browser

use javascript with any of the above methods to report session information to the server.

+1

It seems to me that you just missed the cookie (or misunderstood / did not understand when it expires), but an alternative possibility may be that it stores the remote address in the database and automatically creates a new session for it on the second visit. However, this would be a pretty bad decision, both from a security point of view and because of NAT, etc. Therefore, I doubt that is what IPB does.

0
