How does StackOverflow handle sessions?

Question

I thought that my browser had to send a shared secret with every request. But after looking at the network inspector of Chrome, that seems not to be the case.

The secret seems to be stored in Local Storage as se:fkey (the format of the key seems to match [a-f0-9]{32},[0-9]{10}). However, I don't see it in the send headers:

enter image description here

How does StackOverflow know who I am?

There are a number of cookies sent with most requests, for example `usr` — marekful, Jun 07 '15 at 08:47
You may find useful information from this [answer](https://meta.stackexchange.com/a/64274). — reformed, Dec 13 '17 at 20:04

score 0 · Answer 1 · answered Nov 28 '21 at 12:19

0

With:

The only cookie that's used for authentication - acct.
The fkey - a token for XSRF protection. See What is the fkey that's present on some pages and what does it do?. It's the value of an input with name="fkey".

answered Nov 28 '21 at 12:19

double-beep

5,031
17
33
41

How does StackOverflow handle sessions?

1 Answers1