EvilZone
Programming and Scripting => Web Oriented Coding => : fruitcake2212 January 06, 2013, 09:18:37 PM
-
Hi everyone
Not really sure if this is the right section to ask this...
On a website I noticed that even after I log out of my account my session cookie (that I noted down) was still valid. The server does not seem to destroy the session. Even when I close the browser, when I go back to the website and manually add my old cookie value, I'm back to my account as if I never logged out.
I find it weird as it is a session cookie and it is supposed to die when the browser closes.
Does someone know what would be the reason behind it? The server seems to never destroy its sessions.
-
You need to read more on sessions.
Cookies have expiration dates and they expire when the server tells your browser that the session is expired or the date expires.
The cookies don't have to die when you close the website unless the server was configured to end the session when a connection is lost.
That is how that "keep me signed in" button works. Usually some websites also have a time interval for how long you want to be signed in.
-
You're right, my bad. I misinterpreted this info: "Web browsers normally delete session cookies when the user closes the browser."
So it deletes the session cookie on the client side but not necessarily on the server side.
Thank you
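-
The client-side versus server-side distinction the thread arrives at, as an added example that is not part of the original posts. It models a server-side session table in Python; the class, the method names, the cookie name `session` and the timeout values are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed value: seconds of inactivity allowed
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed value: maximum session lifetime


class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> {"user", "created", "last_seen"}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable id, sent as the cookie value
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user for a presented cookie value, or None if invalid."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if (now - rec["last_seen"] > IDLE_TIMEOUT
                or now - rec["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]  # expired: destroy the server-side record
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout_cookie_only(self, sid):
        """Models the behaviour described in the thread: the browser is told
        to drop the cookie, but the server-side record stays valid."""
        return "Set-Cookie: session=; Max-Age=0; Path=/"

    def logout(self, sid):
        """Corrected logout: destroy the record first, then clear the cookie."""
        self._sessions.pop(sid, None)
        return "Set-Cookie: session=; Max-Age=0; Path=/"
```

With `logout_cookie_only`, a noted-down cookie value still resolves to the account until a timeout fires; with `logout`, the same value is rejected immediately.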