this post was submitted on 09 Jul 2023
15 points (100.0% liked)

Programming

13375 readers
8 users here now

All things programming and coding related. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
 

I signed in with my Google account. I was looking at the cookies kbin sets and the user token REMEMNERME is only set to last for one week.

Does this mean I have to religion after a week?

If not, how does kbin know to keep me logged in after the REMEMBERME cookie expires?

top 4 comments
sorted by: hot top controversial new old
[–] vaseline@lemmy.fmhy.ml 44 points 1 year ago

You can stay atheist even after a week

[–] Max_P@lemmy.max-p.me 14 points 1 year ago

It probably gets refreshed periodically whenever you visit again, as long as you do so within a week.

[–] bocian67@feddit.de 3 points 1 year ago

I don't know how kbin login works and I didn't tested it, but here are my thoughts: the single sign on (like login with google) mostly works using the oauth2 workflow. You can use your favorite search engine and look for a nice wall of text for how it works. But basically the identity server (google) approves that you are who you said you are, and kbin uses an access token, for example a JWT token which includes your user information and the issuer, here Google. Kbin can ask Google for validity of the contents of that token, which kbin can approve against Google. So now you are logged into kbin using Google. This token has an expiration, and after that you have to login again. But since this is very inconvenient, there is also a refresh token. Using this token, google with give you a new valid access token with an expiration from now to whatever, let's say a week. This process happens in the back and is silent, so it works without entering your credentials, if it refreshes before expiration. If you don't login into kbin in that time window, you will probably have to enter your credentials again, because the tokens expired. Keep in mind that this summary is not very accurate since it's very simplified and describes the oauth2 process, not specifically what kbin and google are doing.

[–] midas@ymmel.nl 2 points 1 year ago

Maybe rememberme token is just for the checkbox on the login screen idk I use Lemmy