Facebook is coded in PHP, and PHP was launched in 1994. PHP has a disadvantage here: if we disable cookies (say, in Facebook), the Facebook server forgets the person who logged in previously and takes us back to the page shown when the application was launched for the first time. In Java (JEE Edition, launched in 1999) there is a technique called “URL Encoding” with which we can stay logged in even after disabling cookies. We will show this through code.
There are two videos to describe it.
In the first video, we delete Facebook's cookies and try to log in again. We are redirected to the page shown when the application was first launched and, as you can see in the video, the username and password are visible. Because we deleted the cookies, the server forgot who we are and redirected us to that first page.
Now, we will show it using Java. Here is a simple hit-counter program; from it we can relate what is happening behind Facebook. We will also see a modification of this code.
Note: As this is a servlet program, we need an application server to run it. Here we use “Apache Tomcat”, connected to NetBeans.
Count is: 0    // The output in the Chrome browser.
// In the Apache Tomcat log window:
session object id is: 68EE34B33FCE6ACB8C1183A2FA8CCBBF
session object is new: true
The output when we launched the application the first time.
Now, suppose we increment or decrement the counter. The session object id remains the same, but is this a new user? No, so “session object is new” gives false. Let's see the output when we increment the counter.
Count is: 1
// Same alphanumeric string as above, because the
// server has identified me with the help of cookies
session object id is: 68EE34B33FCE6ACB8C1183A2FA8CCBBF
session object is new: false
Note: The same thing happens with Facebook. It checks whether you are a new user. If “session object is new” gives true, it redirects you to the login page. Otherwise, your Facebook page opens and you do not need to log in again.
Now, what if we delete the cookies of the hit counter (localhost: the name of my server)?
Note: The videos contain a step-by-step explanation of how to delete cookies.
Now we delete the cookies of localhost and run the hit-counter program again. The server forgets who the user is and redirects to the page shown when the application was first launched.
Now see the output after deleting the cookies of localhost. Whatever key we press (i.e. increment or decrement), it takes us to “Count is: 0”, because that was the starting page when the application was first launched.
Count is: 0
session object id is: 7552ECB909E08330A345AF18915EE743
// Since we have deleted the cookies, the server will forget
// the previous user and will treat it as a new user.
// Therefore the session object id is different from above
// and "session is new" gives true.
session object is new: true
Note: When we deleted Facebook's cookies, we were redirected to the page shown when it was launched for the first time and were able to see the username and password.
In the second video, we modify the code according to our actual aim: even if we delete the cookies, we stay logged in without logging in again.
Count is: 0
session object id is: 74E551B3F2E36B74C09885DE6F2EFC67
session object is new: true
Again, if we increment the value, see the output:
Count is: 1
session object id is: 74E551B3F2E36B74C09885DE6F2EFC67
session object is new: false
The real magic comes now. We delete the cookies of localhost and increment the value of count. See the output:
Count is: 2
session object id is: 74E551B3F2E36B74C09885DE6F2EFC67
session object is new: false
Now, even though we deleted the cookie, the server still identifies us: “session object is new” gives false. This is because the session id is now passed through the URL, which is why the technique is named “URL Encoding”. Now relate it to Facebook: even if you delete cookies, you will not need to log in again and your Facebook page will open.
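A hit-counter servlet of the kind described above, written here as an added example (it is not the article's original code); the class name, URL pattern, `op` parameter and the `javax.servlet` API (Tomcat 9 or earlier) are assumptions. It logs the same two session lines and wraps its links in `encodeURL()`, which is what carries the session ID in the URL when no cookie is sent.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, URL pattern and the "op" parameter are assumptions.
@WebServlet("/hitcounter")
public class HitCounterServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Creates a session if the request carries no valid session ID
        // (neither in a JSESSIONID cookie nor in the URL).
        HttpSession session = req.getSession(true);

        Integer count = (Integer) session.getAttribute("count");
        if (count == null) count = 0;
        String op = req.getParameter("op");
        if ("inc".equals(op)) count++;
        else if ("dec".equals(op)) count--;
        session.setAttribute("count", count);

        // The same two lines the article shows in the Tomcat log window,
        // plus where the session ID of this request came from.
        log("session object id is: " + session.getId());
        log("session object is new: " + session.isNew());
        log("id from cookie: " + req.isRequestedSessionIdFromCookie()
                + ", id from URL: " + req.isRequestedSessionIdFromURL());

        // encodeURL() appends ";jsessionid=<id>" to the link when the
        // session ID did not arrive in a cookie; otherwise it returns
        // the URL unchanged.
        String inc = resp.encodeURL("hitcounter?op=inc");
        String dec = resp.encodeURL("hitcounter?op=dec");

        resp.setContentType("text/html;charset=UTF-8");
        try (PrintWriter out = resp.getWriter()) {
            out.println("<p>Count is: " + count + "</p>");
            out.println("<a href=\"" + inc + "\">Increment</a> ");
            out.println("<a href=\"" + dec + "\">Decrement</a>");
        }
    }
}
```

With URL tracking the ID shows up as `;jsessionid=...` in the address bar, and therefore in browser history, server access logs and Referer headers, so anyone who obtains the link obtains the session. Servlet 3.0+ containers can restrict tracking to cookies with `<tracking-mode>COOKIE</tracking-mode>` under `<session-config>` in web.xml.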