Server-side sessions are still valid until you signal to the server to invalidate (destroy) them.

That’s why “signing off” isn’t remotely the same as deleting cookies, and that’s why JWTs are fundamentally a bad idea, especially without expiration.

This meme is wrong. It’s the logical equivalent to saying that “extinguishing a fire” and “closing your eyes” are the same thing (as it makes the fire disappear to you), but that closing your eyes is just more convenient.

And what happens next time they load the site?

If the cookie was saved in any way (maliciously or not), they are logged in. That’s exactly the problem, thanks for pointing it out.

If they had “logged off” (or closed the session), no amount of cookie resurrection would log them back in: the server would refuse that cookie session the same way it would refuse an expired password.
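The difference discussed in the thread above, as an added example that is not part of the original posts: a server-side session store where logging off destroys the record, next to a stateless signed token with no expiry. `SessionStore`, `issue_token`, `verify_token`, `scenario` and the user name are hypothetical names constructed for this sketch, and the token is a simplified HMAC-signed value standing in for a JWT.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key (assumption)


class SessionStore:
    """Server-side sessions: the cookie carries only an opaque random id."""
    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid  # the value the browser keeps as its cookie

    def logout(self, sid):
        self._sessions.pop(sid, None)  # destroy the server-side record

    def authenticate(self, sid):
        return self._sessions.get(sid)  # None once the session is destroyed


def issue_token(user):
    """Stateless signed token: no expiry, no server-side record to destroy."""
    sig = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{sig}"


def verify_token(token):
    user, _, sig = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(sig, expected) else None


def scenario():
    store = SessionStore()
    # Cookie deleted in the browser only: any saved copy is still accepted.
    saved_copy = store.login("alice")
    after_cookie_delete = store.authenticate(saved_copy)
    # Logged off: the server refuses the same saved copy.
    store.logout(saved_copy)
    after_logout = store.authenticate(saved_copy)
    # Stateless token: verification depends only on the signature.
    token = issue_token("alice")
    return after_cookie_delete, after_logout, verify_token(token)
```

Revoking the stateless token would require adding server-side state (a denylist or a short expiry with refresh), which is the part the signed-token design leaves out.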