Howdy, folks! I’m Nick – I help run tech here at thurrott.com. I initially posted this message as a response to lwetzel’s thread here, but I wanted to make this its own thread for visibility and to provide a space for dialogue. We’ve had some feedback recently regarding folks being required to log in more frequently, and while I’m not half the writer Paul is, I hope I can add some clarity to the intended function of our login system here.
When logging in to thurrott.com, if you do not click the “remember me” button underneath the form, your session (referring to the “connection” established between you, a unique user, and our server – as represented by a cookie stored on your browser) persists only until the end of your browsing session. That is, until you close your browser.
If you do click the “remember me” button below the form when logging in, your session will persist for 14 days.
There are, however, a few scenarios that could lead to session persistence less than 14 days – which I’ve outlined below.
If cookies are disabled in your browser you will be unable to maintain a session, as the string of text we use to identify and authenticate you cannot be stored. This is an unlikely scenario, and will be extremely apparent across every site you visit.
If browsing in “incognito” or “private mode”, any cookies set during the session will be cleared at the conclusion of the session – regardless of use of the “remember me” button. Additionally, any session data set in “normal” browsing will not carry over to incognito or private browsing. These browser functions are more accurately described as “amnesia mode”, and if anyone from Google is listening please change the name and send a check.
It should be noted that as part of our mechanism to defend against session hijacking (an attack by which a nefarious actor either guesses, or more likely, intercepts the session cookie in transit and sends it back to us, thereby masquerading as you), your unique IP address is a component of the algorithm that generates a string of text (referred to as the “session token”) that’s stored in the session cookie. As a result of this, if your IP address changes, your session will no longer persist. Even if you sync browser data across devices, for example, between Chrome on your desktop and on your mobile phone, they must remain on the same network for your session to persist, as accessing the site via an LTE connection will change your IP address.
For the curious and nerdy among us, you can explore these session cookies and their expiry data in Chrome by navigating to chrome://settings/cookies/detail?site=www.thurrott.com.
As always, thank you for being a part of a community we love so much and sharing your experiences, both good and bad, with us.
Please feel free to reach out to me directly with any questions or concerns: [email protected]
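Added example, not part of Nick's post and not thurrott.com's code: one way a session token can be tied to the client IP address and to the 14-day "remember me" lifetime described above. The HMAC construction, token layout, function names and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed key: a real site would load a persistent secret instead.
SERVER_KEY = secrets.token_bytes(32)
REMEMBER_ME_SECONDS = 14 * 24 * 3600  # the 14-day lifetime from the post


def _mac(session_id: str, expires: int, client_ip: str) -> bytes:
    # The client IP is part of the signed message but is never stored in
    # the cookie, so the token only verifies from the address it was issued to.
    msg = f"{session_id}|{expires}|{client_ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_token(client_ip: str, now: Optional[int] = None) -> str:
    """Build the cookie value: session id, expiry and an IP-bound MAC."""
    now = int(time.time()) if now is None else now
    session_id = secrets.token_urlsafe(16)  # unguessable identifier
    expires = now + REMEMBER_ME_SECONDS
    return f"{session_id}.{expires}.{_mac(session_id, expires, client_ip).decode()}"


def check_token(token: str, client_ip: str, now: Optional[int] = None) -> str:
    """Return 'ok', 'expired' or 'rejected' for a cookie presented from client_ip."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "rejected"
    session_id, expires_s, mac = parts
    try:
        expires = int(expires_s)
    except ValueError:
        return "rejected"
    # Constant-time comparison; fails for an edited token or a different IP.
    if not hmac.compare_digest(mac.encode(), _mac(session_id, expires, client_ip)):
        return "rejected"
    return "ok" if now < expires else "expired"
```

Users behind the same NAT share one public address, so a binding like this rejects replay from a different network but does not tell apart clients on the same one.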