how does remember me work.

closed account (Dy7SLyTq)
so, as i dont want to log out i dont know what this site calls it, but its a feature commonly called remember me or keep me logged. im confident you all know what im talking about. anyways, i thought it did it by ip, ie there was a database/table that kept track of your ip & username so that when that user tried to connect at that ip it would login automatically. i proved this to be untrue as when i come to work (i think) it still kept me logged in. however, and there is a good chance that im wrong because im still new to networking, my ip address is different one at work right? so how does it work then? does my browser have like some internal id?
AFAIK these things are stored locally. If you're using a browser that ties to an account (Chrome for example) then your passwords and what not are stored on a server so you have access to "remember me" features wherever you are
closed account (jwkNwA7f)
I had also thought they used my ip address. It has been a while since I have done web programming, but could they use cookies? It would be only for that one browser though.
closed account (S6k9GNh0)
Pretty sure it's cookies. There's a developer tool for Firefox that allows you to see the contents of this cookie. As far as I understand it, a hash is created whenever you log in. Whenever you re-visit, the website checks the cookie with the corresponding identifier. If it matches, you're logged in as the corresponding user.

Even further, I do remember experimenting in my high school by stealing cookies. You could copy a cookie off of a computer and spoof it... You can use it on another computer if the website didn't check for a similar IP (or if it's on a local network, it can check for a MAC address but this can be spoofed).

There's actually a challenge from hackthissite that I learned this from. tldr; if you care about security, don't allow cookies. :D
Last edited on
I think I just confirmed it is cookies. I used chrome and nightly and in one I was logged in with remember me and when I opened the other I was not logged in at all.
If you log into chrome with a Google account it will save your passwords etc. across any computer. Don't know about keeping you logged in though.
Yep , those are cookies.

http://en.wikipedia.org/wiki/HTTP_cookie

Basically sites would store a cookie on your computer containing information like your session id , user id etc.
You can view what cookies a webpage or website stores by writing this on your address bar :
javascript:alert('Have a cookie : ' + document.cookie).
and you will get a really ugly and cryptic pop up of your cookies of that site.
I've noticed that some sites stay logged in over all 3 connections I use, and others log out as I go to other connections, and kind of a side note, When I view a post on this website and the "new" tag goes away, even though I stay logged on to the site, the "new" tags return when I go to another connection. Just thought that was kind of weird.
Topic archived. No new replies allowed.