this post was submitted on 14 Oct 2023
712 points (98.6% liked)

Memes

45558 readers
725 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 

Self doubt stems from here.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 1 year ago* (last edited 1 year ago) (1 children)

Besides using session cookies, they can track user agent and IP address. The two in combination will be unique enough. There are further metrics to make a unique identifier, but I think this is sufficient explanation.

Edit: Seems like people who don't know how to program besides super default methods are downvoting me.

You don't need cookies to hold session ID. If you programmed in the earlier days, you'd actually even know cookie session wasn't even the most common method before. For example, session ID can be passed around in the URL as another query parameter. You can even literally turn off cookie option in sessions in languages like PHP (ex: https://www.php.net/manual/en/session.configuration.php#ini.session.use-cookies). These kind of practice is still relatively quite common as it allows greater flexibility and not have your session ID bound to a domain.

Furthermore, you don't have to be restricted by the confines of whatever existing tools you already have. Like in the example I gave at the beginning, you can create your own unique identifiers. You don't have to use preexisting concept of session at all. If you can create any unique key-value pair, you can track and keep data without the use of sessions. Programmers are hired to create things that never existed before, be more creative.