Gmail accounts left open on other computers

[Sammy]

I opened my gmail on another computer, and did not log off. How long
will that gmail view be open and be able to be accessed? Is it
possible to know how many instances of gmail are open for any given
user??

[web...@gmail.com]

This is a good question, and I hope somebody here in the group is able to answer it properly.

I tried it right now; left my account here open, went to the other computer and signed in and out. Came back here, but no message that I was signed in on another computer, which is the case at Yahoo Mail.

Looking forward to reading the replies here..

Webby

 

--
one G-d, many faiths...one world to share

[Luka Kladaric]

if you haven't checked the 'remember me' option at login, you will be
logged off as soon as the browser closes...

if you have... hmm... weeks? months? :)

On 7/8/05, Sammy <tyul...@gmail.com> wrote:
>

--
Free Willy Wonka

[Shayne Seymour]

Now and then, I'll forget to sign out of gmail at work. I'll come
home and sign on with no problems. When I get to work the next day,
I'm still signed in.

I often sign on to the same gmail account on two machines at the same
time. Gmail has always handled it flawlessly.

--
www.shayneseymour.com
http://shaynereign.blogspot.com

[Steven McDougall]

I have been tinkering with session cookies for a loooong time now, mostly proof of concept hacking...

 

Anyway, if you havent set it to remember you then all you have to do to log out is sign in and sign out at any computer. It should end the session with the server. However, I haven't thought of testing it on Gmail...tell me how it works out for you.

 

[Luka Kladaric]

this is a completely false statement. for sessions to work the way you
say, the application has to put in extra effort. saying this is
standard behaviour could not be farther from the truth.

--
Free Willy Wonka

[Steven McDougall]

Well, logging onto a server with a 'session' wouldn't be much good if you could have multiple sessions on the same account at the exact same time...so insecure if it did.

[Luka Kladaric]

you need to forget everything you know about sessions, cause it's
obviously all wrong

sessions are browser-related. if an application wants to enforce one
session per username, it's free to do so... but sessions know nothing
of application users.

as for the 'insecure' factor... that all depends on what the
application does and how you want it to work

--
Free Willy Wonka

[Steven McDougall]

Well, in that case the only way I know of to end a session on another computer is to get the session cookie data (not the cookie) and inject it into one on a different computer then log off with that one. It should log off the other one because both the browser are using the same session. Sort of like a 'session hi-jack'.

[Luka Kladaric]

khm.

re-start.

a session ends
a) when the browser is closed
b) when no activity has happened in 30 minutes (the default for ASP
and PHP, as far as I know) or whatever time the server has been
configured to

what you're talking about isn't cookie sessions, it's auto-login
cookies and as far as I know, there is no way to cancel them remotely.
they contain the username and password and upon connecting to the
application, the user is automatically logged in (creating a temporary
login session)

some applications (like deviantart.com) will store a unique string
with the username and password in the cookie, making it impossible to
be permanently logged in from 2 locations. when you login from one
location, the cookie on the other location becomes invalid.

but, as I already mentioned, this is specific application behaviour.
in no way can you apply this knowledge on any other application
automatically.

--
Free Willy Wonka

[Sammy]

Apparently, multiple instances of a single Gmail account could be
opened and accessed at different locations indefinately.

[Sammy]

Will the accounts that are logged in remain logged in indefinately.
Can the number instances of that login be detected. If a password is
compromised, will changing the password impact the logged in instances
of gmail?
Thanks

[Nicky]

Well, first of all...shared cookies...lets say we are on a network and we use the same browser program the cookies will be stored and they will be shared so IE and Firefox diffrent parts diffrent logins...

[Fuzzy Logic]

Well, only as long as the cookie lasts. If you change the password on
one session, the password on the others changes too. They will be able
to see your mail, but not change the password unless they know the new
one too.

Still, this is a really bad situation.

Fuzzy

[Luka Kladaric]

you have to understand that it's not the same thing if you're logged
in and the browser is active on two locations and if you've logged in
selecting 'remember me for two weeks' and you're trying to log that
off

in the first case, there's not much you can do... the login session
will terminate with the browser

in the second case, it all depends on how the auto-login is
implemented. if it stores the username and password in the cookie,
then changing the password will disable the other location. if it uses
some other form of permanent authentication (shared token or
something), then it might be a bit difficult

Hope this helps

--
Freak out or get out