Nov 13, 2010

Log out without internet

Assume you were on a public network surfing the net. You are logged in and suddenly the connectivity breaks. You are left with no option but leave the public computer. But what if connectivity later on gets enabled and the person on the system this time is not you?

What happens in most of this sort of situations is that he is authorized to use your personal account because last time when you were logged in, you did not get time to log-out due to no connectivity. How to tackle with this problem?

Many times, this can be avoided by simply closing your browser and reopening it. It ends up your last login session and starts afresh. But a better and safer way is as described below.

Most of the websites use something called "cookie" to identify your login session each time you refresh your page. A cookie is simply a text. The first time you open the website, it checks if your browser has sent any cookie to the website-server. If not, it means, you are still not logged in(1) and shows you the login page of its website. The website creates a random cookie with some identifier code (of course in text form) and sends it to your browser once you log in. Site also keeps a copy of that cookie with itself along with the date and time it was made. After you gets logged in, suppose you are refreshing the pages or surfing the different pages within the website, each time the cookie received by your browser is sent back to the website. If it matches with the ditto copy of cookie already present in the server, means you are still the authenticated user and it lets you continue the surf. Once you log out, the cookie is deleted from the server or your browser or both. So, next time you surf, no matching may take place and you are redirected to login page only. Some cookies come with expiry period after which, it gets wasted by itself and you are logged out automatically. Similar concept is responsible for a single login for many different linked websites. For example, Gmail, Orkut, Google and Blogger, all are linked. Hence, once you login to any one of them, you need not to login to other because they share the same cookie to identify you authentication. Similarly, logging out from any one of them deletes the cookie and you gets logged out from all of them.

Now what if you delete the cookie while you are browsing? Say, I am using Orkut and I have already logged in. I open different pages and each time the cookie is given a tally (which matches successfully if not logged out). Now if I manually delete the cookies, the next time I change the page, matching of cookie will be unsuccessful and I will be redirected to login page. It means my session has ended. Got an idea? Gotcha!!

So here is what we should do.
Situation: I am using a public Wi-Fi and suddenly connection breaks. I closed the browser window but I am still afraid if meanwhile my fiancee asks for my laptop and by chance, Wi-Fi also gets into connection, he may be automatically gets logged into my account even without knowing password because I could not logout last time I used the net.
Solution: I will manually delete my cookies. If I am not sure which cookies are for which website, I don't care. I will delete them all. (It is under the Tools->Options->Privacy for Mozilla Firefox)


When you click on something like "keep me logged in", it means that don't delete the cookies if I close the browser without logging out. If you uncheck it, it means delete all cookies as soon I close the browser window. And those like "keep logged in for 30 days" etc. send cookies which have an expiry date = your current date + 30 days.
Cookies are simple text of few kb, yet play magical role in our privacy handling :).

No comments:

Post a Comment