How Does WOT Stay Logged in on This Site (Without Knowing My Password)?

X1alpha
Posts: 14
Joined: Sat Dec 29, 2007 12:03 pm

How Does WOT Stay Logged in on This Site (Without Knowing My Password)?

Post by X1alpha » Sun Dec 30, 2007 9:36 am

Hi everyone,

now that I've created an account on this website WOT offers to automatically log in. All nice and good since I can use the features for logged-in users right away. But seeing that I didn't give WOT my password for mywot.com, how does it log in? The two possibilities I came up with are that, one, mywot.com looks for an identifier on my machine. If it's present and linked to an account it uses this identifier to log me in. At least when I use this machine. Mywot.com doesn't necessarily need a password. And two, WOT stored my password locally when I created my account on this website. If I remember correctly I didn't give it permission to do that.

How does WOT stay logged in on this site?

Greetings,

Sven

X1alpha
Posts: 14
Joined: Sat Dec 29, 2007 12:03 pm

Edit: WOT Uses Cookies - But is That All?

Post by X1alpha » Sun Dec 30, 2007 9:51 am

I didn't remember the logging-in information being part of the terms of service that WOT asked me to accept upon installation. So I checked the website and read about cookies in the FAQ. Alright then, it sets a cookie to automatically log me in.

When I manually delete private data (that includes cookies) e.g. with the shortcut Ctrl+Shift+Del the cookie is back when Firefox starts the next time. And seeing that I let Firefox delete cookies at the end of each session automatically - how does the cookie reappear? How does it know my login information?

Sven

Sami
Posts: 6987
Joined: Sat Oct 07, 2006 11:43 am

Authentication

Post by Sami » Sun Dec 30, 2007 11:37 am

When you install the add-on, it sets up a shared secret (http://en.wikipedia.org/wiki/Shared_secret) with our servers, which is then used for encrypting and authenticating your requests to prevent eavesdropping and impersonation. The add-on doesn't know your password or even your user name, but uses the same shared secret for generating the authentication cookies it sends to mywot.com. The website then authenticates the add-on and looks up your account.

These cookies are set to expire after the current session, so Firefox always deletes them when you close your browser, and the add-on recreates them upon restart. If you disable the auto-login feature from WOT settings, the add-on stops creating the cookies and after you restart the browser, you won't be automatically logged in anymore when you visit our website.
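
An added example, not part of the thread and not WOT's own code: a sketch of how an add-on can produce login cookies from an install-time shared secret and how the website can check them and look up the account. The thread does not say how WOT builds its cookies, so the HMAC-SHA256 construction, the `id:timestamp:nonce:mac` format, the freshness window and every name below are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE = 300  # assumed freshness window in seconds

def sign(key, client_id, ts, nonce):
    """HMAC-SHA256 over the cookie fields, keyed with the shared secret."""
    msg = f"{client_id}:{ts}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_cookie(client_id, key, now=None):
    """Add-on side: build a fresh cookie value; no password is involved."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{client_id}:{ts}:{nonce}:{sign(key, client_id, ts, nonce)}"

class Server:
    """Hypothetical website side: one secret per installed add-on."""
    def __init__(self):
        self.keys = {}      # client_id -> shared secret
        self.accounts = {}  # client_id -> account name
        self.seen = set()   # (client_id, nonce) pairs already accepted

    def register(self, account):
        """Install-time step: issue an id and shared secret to the add-on."""
        client_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.keys[client_id], self.accounts[client_id] = key, account
        return client_id, key

    def verify(self, cookie, now=None):
        """Return the account name for a valid cookie, otherwise None."""
        now = time.time() if now is None else now
        try:
            client_id, ts, nonce, mac = cookie.split(":")
            issued = int(ts)
        except ValueError:
            return None
        key = self.keys.get(client_id)
        if key is None:
            return None
        expected = sign(key, client_id, ts, nonce)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return None  # forged or altered cookie
        if abs(now - issued) > MAX_AGE or (client_id, nonce) in self.seen:
            return None  # stale or replayed cookie
        self.seen.add((client_id, nonce))
        return self.accounts[client_id]
```

Because the secret itself never travels in the cookie, deleting cookies does not log the add-on out for good: it can mint a new one at the next browser start, which matches the behaviour described in the posts above.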

X1alpha
Posts: 14
Joined: Sat Dec 29, 2007 12:03 pm

Re: Authentication

Post by X1alpha » Wed Jan 02, 2008 9:07 am

Thanks for the explanation, Sami! That clarified the issue.
