cookies

Session And Cookies - How Does User Login Work?

Mohd Sohail

Dec 8, 2017 — 3 min read

Session And Cookies

Session And Cookies. Facebook, Gmail, Twitter, we all use these websites every day. One common thing among them is that they all require you to log in to do stuff. You cannot tweet on Twitter, comment on Facebook, or email on Gmail unless you are authenticated and logged in to the service. So how does it work? How does the website authenticate us? How does it know which user is logged in and from where? Let us answer each of these questions below.

gmail, facebook login page

How does User Login work?

Whenever you enter your username and password on the login page of a site, the information you enter is sent to the server. The server then validates your password against the password on the server. If it doesn’t match, you get an error of an incorrect password. But if it matches, you get logged in.

What happens when I get logged in?

When you get logged in, the web server initiates a session and sets a cookie variable in your browser. The cookie variable then acts as a reference to the session created. Confused? Let us simplify this.

How does Session work?

Session and Cookies

When the username and password are right, the server initiates a session. Sessions have a really complicated definition so I like to call them ‘beginning of a relationship’.

When the credentials are right, the server begins a relationship with you. Since the server cannot see like us humans, it sets a cookie in our browsers to identify our unique relationship from all the other relationships that other people have with the server.

What is a Cookie?

theitstuff official facebook page cookies

A cookie is a small amount of data that the websites can store in your browser. You must have seen them here.

So when you log in and the server has created a relationship or session with you, it takes the session id which is the unique identifier of that session and stores it in your browser in form of cookies.

What’s the Point?

facebook cookies in web browser

The reason all of this is needed is to verify that it’s you so that when you comment or tweet, the server knows who did that tweet or who did that comment.
As soon as you’re logged in, a cookie is set which contains the session id. Now, this session id is granted to the person who enters the correct username and password combination.

So the session id is granted to the person who owns that account. Now whenever an activity is performed on that website, the server knows who it was by their session id.

Keep me logged in?

websites keep me logged in option

The sessions have a time limit. Unlike the real world where relationships can last even without seeing the person for longer periods of time, sessions have a time limit. You have to keep telling the server that you are online by performing some of the other actions. If that doesn’t happen the server will close the session and you will be logged out.

But when we use the Keep me logged in a feature on some websites, we allow them to store another unique variable in the form of cookies in our browsers. This unique variable is used to automatically log us in by checking it against the one on the server. When someone steals this unique identifier it is called cookie stealing. They then get access to your account.

Conclusion

We discussed how Login Systems work and how we are authenticated on a website. We also learned about what sessions and cookies are and how they are implemented in a login mechanism. I hope you guys have grasped that how User-Login works, and if you still have a doubt regarding anything, just drop in a comment and I’ll be there for you.

Read more

Tech Titans Unleash Surprises: Elon Musk's Twitter Fee, OpenAI's DALL-E 3, and Cisco's $28 Billion Splunk Acquisition

Tech Titans Unleash Surprises: Elon Musk's Twitter Fee, OpenAI's DALL-E 3, and Cisco's $28 Billion Splunk Acquisition

In a surprising twist, Elon Musk, the man behind electric cars, Mars rockets, and a flamethrower, has now turned his attention to making money from social media. Specifically Twitter, which has recently been rebranded as “X.” Musk, known for creating controversy, made a shocking announcement during a live conversation with

iPhone 15 Delay Drama: Delhi Apple Store Goes Crazy as Super Excited Customers Get Rowdy

iPhone 15 Delay Drama: Delhi Apple Store Goes Crazy as Super Excited Customers Get Rowdy

In a strange incident at an Apple store in Delhi, two iPhone fans went too far when their iPhone 15s faced an unexpected delay in delivery. These two people, who are incredibly passionate about Apple products, decided to resolve the issue using violence. The incident happened at an electronics store

Top 10 Must-Have Apps for Linux: Boost Your Productivity Today

Top 10 Must-Have Apps for Linux: Boost Your Productivity Today

Discover the top 10 must-have apps for Linux that can significantly enhance your productivity. From powerful text editors to robust graphic design tools, these Linux applications will revolutionize your workflow. As a Linux user, you know that one of the biggest advantages of this operating system is its flexibility and

Downloaders for Linux

TOP 10 BEST Must-Have Downloaders for Linux Users

Looking for the best downloaders for Linux? Explore this comprehensive list of 10 must-have downloaders for Linux users that will revolutionize your downloading experience. From command-line tools to user-friendly graphical interfaces, these downloaders offer versatility and convenience. Get ready to optimize your downloads on Linux! Are you a Linux user