Authentication cookie

A

Arne Garvander

I log in to my favorite site. I get an authentication cookie. I get
redirected to the default page.
I leave my site without loggin out. I got to some other website.
I go back to my favorite site's default page within 20 minutes.
My authentication cookie is still there and I can go right in!
My favourite bank site has the same problem.
 
J

Joe Kaplan

Why do you believe this is a problem? It sounds like you are seeing the
expected behavior of a session cookie in a web browser. They are held in
memory and are sent back to the site that issued them, depending the
parameters sent in the Set-Cookie header and the browser's security
settings.

The reason why many sites have a logout function is to clear the data in
that cookie so that it does not authenticate the user anymore. If you don't
execute the request that results in the cookie being changed, it will not be
changed.

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What language should I learn to create an authentication website? 2
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Authentication cookie security 2
Forms Authentication Cookie Expiration Problem for SSO 1
Windows 2003 Server, Web Farm, Forms Authentication, SlidingExpiration 0
forms authentication -- expired forms cookie vs. not provided forms cookie 2
Forms Authentication w/Site Redirect 0
Forms authentication cookie handling question (C#) 4

Members online

No members online now.
Total: 76 (members: 1, guests: 75)
Robots: 351

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top