I've been searching quite hard for a detailed answer on this as there isn't much information about the specifics of the authentication schemes used. I believe it is some form of stateful server based authentication based on persistent cookies since the a logged in session will expire based on user activity, IP address and various other factors. The best I could find on SO was this question from 2015: How does google, facebook handle the user session?. Any solid details about how goes on in the background and how the scheme is setup would be much appreciated.
Asked
Active
Viewed 30 times
