Journal junner518's Journal: Perpetual Sessions? 1
Recently I went to youtube.com from my secondary computer and realized I couldn't auto-login to the site. After logging in a few times across different computers I realized I could only be logged in on one browser at a time. But why? Is my security compromised by having a (hopefully) secure cookie across many browsers? Are there data issues? On my personal website, I implemented perpetual sessions with a few lines of php code. However many popular websites require you to log in for every session. Are perpetual sessions secure enough for everyday use on popular websites?
Security (Score:2)
It's the "hopefully" part of your hopefully secure cookie. Session cookies don't seem to be quite as secure as everyone hopes, especially on non-https connections, doubly so on sites with user-submitted content that someone may have worked out a way to add javascript that reads your session id cookie and sends it to them.
Thus, to prevent people from being able to use the cookie they get, the IP address of the user is stored on the server side within that session.
As for logging in from more than one compute