Ask HN: How does Quora auto login work?
The website automatically logins to my account without entering mail address and password. How does this work even though after restarting router, clearing cache & cookies of browser? Don't know, I do however have a problem with Quora that is probably related to whatever way they achieve their auto login. I have an Quora account, but at some point in time I accidentally clicked register instead of login, and now I'm permanently stuck in the registration process. Can't login, and the registration is impossible to complete, at least the last time I tried. Yeah and I tried to clear everything I could, but no dice. Does it work when you switch between browsers and do you happen to be on OS X? Something might live on in keychain/cloud whatever. They could potentially be using something based on this, https://panopticlick.eff.org May be with an ETag: ETag is for notifying that content has been updated, so how would you use the mechanism to log someone in? You can exploit the fact that HTTP caching sends the ETag back and forth. A server can set a crafted ETag and basically use it as a session ID. See [1][2] [1] http://security.stackexchange.com/questions/12679/how-can-i-... [2] https://github.com/lucb1e/cookielesscookies/blob/master/inde... May be you are using Gmail/Facebook login which is already signed in ? Nope - I get auto logged in via their links as well, but don't use any 3rd party auth. Are the links from the emails they send out? Might be a token in those links. I don't have any quora emails right now to check. The email links definitely contain tokens - not only will they log you in but the articles they generate on the page will reflect the order of articles in the email you received, as opposed to the most recent articles on your feed.