3

Recently I realised that any medium.com-backed website (say https://medium.freecodecamp.com) persists my session across domains. Even if I only visit the domain for the first time, I still see I am logged in.

Do you know what the mechanics behind this are and how I can achieve something like this with Ruby on Rails?

Thank you

Yanis
  • What's interesting is that setting Do Not Track (which is voluntarily adhered to by websites) disables this feature, but disabling third-party cookies does not. There's no intermediate SSO domain performing a redirect, nor are there any iframes on the page. However, when first loading the other Medium domain (e.g. theringer.com) after first logging in on Medium, there is a GET param with a key of "gi" and an alphanumeric value in the URL (theringer.com?gi=ce566be82f2c). The only conclusion I can come to is they're using server-side device fingerprinting of some kind... But that seems risky. – Erve1879 Jan 19 '17 at 20:10

0 Answers