How does StackOverflow handle sessions?

About

Asked 7/6, 2015 at 8:40 Answered 28/11, 2021 at 12:19

I thought that my browser had to send a shared secret with every request. But after looking at the network inspector of Chrome, that seems not to be the case.

The secret seems to be stored in Local Storage as se:fkey (the format of the key seems to match [a-f0-9]{32},[0-9]{10}). However, I don't see it in the send headers:

enter image description here

How does StackOverflow know who I am?

Neela answered 7/6, 2015 at 8:40 Comment(3)

There are a number of cookies sent with most requests, for example usr – Goulash 7/6, 2015 at 8:47

Migrated back. Sorry you lost your votes. – Disjoin 27/6, 2015 at 18:50

You may find useful information from this answer. – Nickname 13/12, 2017 at 20:4

With:

The only cookie that's used for authentication - acct.
The fkey - a token for XSRF protection. See What is the fkey that's present on some pages and what does it do?. It's the value of an input with name="fkey".

Mane answered 28/11, 2021 at 12:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags