Persistent Logins

What is a persistent login?

When you sign-in, the server makes use of sessions to keep you signed-in. As long as you remain active, you will remain signed-in, but after a period of inactivity the session will expire and you will need to sign-in again. However, when you sign-in you have the option of clicking "Remember Me". If you select this option and the sign-in is successful, then a cookie will be used to keep you signed in.

How does a cookie keep me signed-in?

It does this by storing a cryptographically strong 128-bit randomised key in the cookie and a hashed version of the key in the database. When a session naturally expires and you refresh a page, or you revisit the website, then you would normally find yourself signed-out. However, if the server detects the presence of the cookie, then it will cross-reference the cookie with the database. If authentication is successful, then your session is renewed, you are issued a new cookie key, and the details in the database are updated.

Will this information be kept indefinitely?

No. The cookie has an expiration period. After this time it is automatically removed by your browser. In addition, the corresponding peristent login reference in the database will be automatically removed when the expiration period has elapsed.

When you click Sign-Out, both the cookie and the reference in the database for that persistent login are immediately removed.

Additionally, you can also visit your account page where you will be able to see which persistent logins that are currently active. You can delete any of these manually at any point.

What happens if I just close the browser window?

That depends on how your browser is setup. By default, most browsers do not delete cookies when you close the window. So when you revisit Project Euler the server will detect the cookie and as long as the expiration period has not elapsed, you will be automatically signed-in.

However, browsers can be configured to delete cookies when you close the window or you may be using an incognito session. In which case, the cookie will be removed when you close the window, but the database will now have a reference to a non-existent cookie with a randomised reference that you will not able to reproduce.

Fortunately, the database reference will be removed automatically when it expires or it will be overwritten if you exceed the maximum number of persistent logins.

What happens if I exceed the maximum number of persistent logins?

Each persistent login has a time stamp and it is automatically renewed when your session expires. So if you exceed the maximum number of persistent logins, then the server will delete the oldest reference first. This way your most recent persistent logins will be maintained.