Y
Hacker News
new
|
ask
|
show
|
jobs
by
bombcar
984 days ago
I've always assumed that the server side stores as much information about the client as it can, so not just "username/password" but source IP, client headers, etc and somehow uses that as a "session token".