I'm not sure that's right.
I stay logged on at home, and log off each session at work (um...I mean...I would log off each
session at work IF I played at work. Of course I don't. Yeah, yeah, that's the ticket, I never play
chess at work. But if I did.....). Logging off at work doesn't end my session at home.
This is not due to saving passwords, since I never ever ever do that, even at home....
What I don't know - and was hoping the Beneficent Gods of RHP would clarify, is whether each
transaction between RHP and a given client/computer/user includes password info.
My crude understanding of how all this works, is:
1) You go to RHP on a given machine. If there is no information in an RHP-specific cookie on that
machine about who was last logged in (generally you), RHP asks you to log in. So you log in, and
RHP saves a cookie on your machine with at least info to identify who you are, possibly encrypted
so others can't look at what information they are saving.
2) Each time you make a transaction with RHP (making up lingo here...), i.e. visit a game, make a
move, etc, i.e. each time you send and receive info from RHP, info from the cookie is sent to RHP to
ID who wants what. Make a move, and hit the move button, and my browser sends a message to
RHP that is essentially "Hi, I'm so-and-so (info from the saved cookie), and make this move in this
game."
3) IF and WHEN you log off of RHP on that machine, the cookie is destroyed, wiping out the info on
THAT machine. But if you just quit the browser, without logging out of RHP, the cookie is saved. If
you don't log off of RHP, then next time you, or anyone else using THAT machine goes to RHP, the
identity from the stored cookie is sent to RHP.
OK, now this is where my question comes in:
If the info sent by the cookie each transaction is just "who I am" - i.e. the verification of the
password only occurs during login, then I don't see how one can ever kill off a login from a lost
machine.
If on the other hand, the cookie sends "who I am" AND "my password is" each transaction, THEN
changing passwords from another machine WOULD make transactions from the old machine
invalid - essentially RHP would receive a wrong password, and reply back "whoops, that password
doesn't match - try again".
So the question is - which does RHP do?
Of course, all this blathering depends on whether or not I have ANY idea about how the info in
cookies is used. All the above may just be BS.
I'd be curious if any who ACTUALLY know can clarify.
MAG
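
A third design sits between the two options in the post above, shown here as an added example that is not part of the original post and not RHP's actual code: the cookie carries only a random session token, and the server ties each session to a per-user password "epoch" so a password change from any machine invalidates every older session. The `SessionServer` class, its method names and the epoch counter are hypothetical.

```python
import hashlib
import hmac
import secrets

class SessionServer:
    """Hypothetical site: the cookie holds a random token, never the password."""

    def __init__(self):
        self.users = {}     # name -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}  # cookie token -> (name, epoch seen at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _set_password(self, name, password, epoch):
        salt = secrets.token_bytes(16)
        self.users[name] = {"salt": salt, "pw_hash": self._hash(password, salt), "epoch": epoch}

    def register(self, name, password):
        self._set_password(name, password, epoch=0)

    def _issue(self, name):
        token = secrets.token_urlsafe(32)  # value stored in the browser cookie
        self.sessions[token] = (name, self.users[name]["epoch"])
        return token

    def login(self, name, password):
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(self._hash(password, user["salt"]), user["pw_hash"]):
            return None
        return self._issue(name)

    def whoami(self, token):
        """Runs on every request: look the cookie up, reject stale sessions."""
        name, epoch = self.sessions.get(token, (None, None))
        if name is None or epoch != self.users[name]["epoch"]:
            self.sessions.pop(token, None)
            return None
        return name

    def logout(self, token):
        self.sessions.pop(token, None)  # ends this machine's session only

    def change_password(self, token, new_password):
        name = self.whoami(token)
        if name is None:
            return None
        self._set_password(name, new_password, self.users[name]["epoch"] + 1)
        return self._issue(name)  # fresh cookie for the machine that made the change
```

Under this model, logging off at work leaves the home session alive, while a password change kills the cookie on a lost machine without the password ever being stored in it.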