I noticed something very interesting this afternoon – when I clear my browser cache and cookies, Twitter immediately signs me out.
I assume they are polling for an authentication cookie every second or so via JavaScript, and signing out users if the cookie is missing. Any other guesses as to how this is done?
Since this is my first encounter with this behavior, I’m wondering how common it is, the best way to accomplish it, and any security concerns one should have when implementing it (if any).
The only way any site knows that you are logged in is via a cookie that your browser sends on subsequent requests. If the cookie no longer exists then by definition you are no longer logged into their site.
I’m not exactly sure what you are asking regarding the “best way to accomplish it”. Best way to accomplish what exactly?
If you're asking what the best way is to accomplish keeping a browser logged in via a cookie, then it boils down to storing a session or user id in the cookie. Session ID is much preferred as it is a different value for each “session”.
Regarding how common using cookies for security is: they are pretty much everywhere. The only time cookies aren’t used for storing your session id is if the session id appears in the query string.
Now onto security concerns. Usually those cookies have a very limited lifespan, tied to your browser session so that when you close the browser the cookie expires. If the site is SSL enabled then the contents of the cookie are encrypted as they pass over the wire. If not, well, you don’t have any defense against man-in-the-middle or packet capture attacks (look up Firesheep).
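As an added example (not code from this thread or from Twitter), here is the client-side polling approach the question guesses at, in JavaScript; the cookie name `session_id`, the `/login` redirect and the `readCookies`/`onSignOut` hooks are assumptions. It cannot see a cookie flagged HttpOnly, since that never appears in `document.cookie`, so for an HttpOnly session cookie the page would have to poll a server endpoint that reports whether the session is still valid instead.

```javascript
// Added example, not code from this thread or from Twitter. Detects the assumed
// "session_id" cookie vanishing and signs the user out. A cookie set with
// HttpOnly never appears in document.cookie, so this check cannot see it.
// Decode a cookie value, leaving it untouched if it is not valid percent-encoding.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch (e) { return value; }
}
// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookieString(cookieString) {
  const cookies = {};
  if (!cookieString) return cookies;
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;                 // skip malformed fragments
    const name = part.slice(0, idx).trim();
    if (name) cookies[name] = safeDecode(part.slice(idx + 1).trim());
  }
  return cookies;
}
// True when the named cookie is present with a non-empty value.
function hasSessionCookie(cookieString, name) {
  const value = parseCookieString(cookieString)[name];
  return typeof value === 'string' && value.length > 0;
}
// Poll readCookies() every intervalMs and call onSignOut once if the session
// cookie that was present at start-up disappears. schedule/cancel default to
// the browser timers and are injectable so the logic can be tested without them.
function watchSessionCookie({ readCookies, onSignOut, name = 'session_id',
                              intervalMs = 1000, schedule = setInterval,
                              cancel = clearInterval }) {
  let wasPresent = hasSessionCookie(readCookies(), name);
  const timer = schedule(() => {
    const present = hasSessionCookie(readCookies(), name);
    if (wasPresent && !present) {
      cancel(timer);                          // fire once, then stop polling
      onSignOut();
    }
    wasPresent = present;
  }, intervalMs);
  return () => cancel(timer);                 // caller can stop the watch
}
// Browser wiring (guarded so the file also loads outside a browser).
if (typeof document !== 'undefined') {
  watchSessionCookie({
    readCookies: () => document.cookie,
    onSignOut: () => { window.location.href = '/login'; },
  });
}
```

Note that a session cookie readable by script is also readable by any injected script, so exposing it this way is itself a trade-off; server-side polling avoids that.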