Remember when there was no conventional logout option on Amazon? You’ve probably also noticed that Google and Microsoft sites try to keep you logged in, and services like Discord hide the logout somewhere hard to find

  • pinknoise@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    3 years ago

    your sessions should be gone anyway when you open it again

    Your session cookie will be gone, but your session is still valid until the server decides to invalidate it by a time-out. (Unless they save the whole session in the cookie)

    • Jojonintendo@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      That makes sense. Would there be a way to re-use this same session if the cookie has been deleted though? I know that closing the browser isn’t ideal, but if both the cookie and the login session are needed, if you remove one of them it should be enough.

      • pinknoise@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Session ID’s could be stolen (XSS, malware) or guessed (bad implementation of the id generation). Sites that want you to be logged-in all the time know of that risk and will use (invasive) techniques to assess how likely it is that the use of a given session is legit. (GeoIP, Fingerprinting)