I think there is some confusion about the the log in / log off process at Lottery Post, and it may have something to do with a new security procedure.
The following is an explanation of how security works at Lottery Post. By understanding how it all works, you should be able to use the security to your advantage, rather than being confused by it.
When you login to Lottery Post, behind the scenes it generates a "security token" and sends it to your PC.
To imagine what a security token is, think of a combination lock -- the kind where you turn the knob right, then left, then right.
The security token is the combination to the lock (for example, "12 ... 32 ... 26" — but more much more complex in reality).
When you login, Lottery Post sends the security token [the combination to the lock] to your computer, and your computer stores it in a "cookie", which is nothing more than a small text file.
Every time you go to a new page, your computer is sending Lottery Post that security token [combination to the lock], and then Lottery Post checks to make sure the token is correct, and finally sends the page back to you if it's OK.
It USED to be that when you logged off, Lottery Post would simply make your computer forget the security token [combination] by deleting it from your cookie file.
The problem with the old approach is that all someone would have needed to do is to copy the cookie from your PC, and plug it in to their own web browser, and they would gain full access to your account as if you logged in on their PC. That's because the security token [combination of the lock] would never change.
Using the combination lock scenario, it's like closing the lock, but not spinning the dial to mix up the internal tumblers. If you close a combination lock without spinning the dial, most times you can just pull it back open again.
The NEW procedure adds additional security. Every time you click Log Off, two things happen:
- The security token is erased from your cookie file (as it was before), and,
- Lottery Post generates a new security token [combination], so the next time you login, Lottery Post sends you a brand new security token, and any previous security tokens are useless.
The new procedures are working perfectly now, thanks to one last bug I fixed last night. (The bug only happened in a small percentage of cases, but it was nasty nonetheless.)
However, the new security procedures do add one bit of confusion to those who use more than one PC.
The question, "Why do I have to keep logging in?" comes up fairly often.
Again, this only applies to those who use more than one PC. (I personally fall into that category, so it affects me too.)
The issue comes up in a scenario such as the following:
- A member logs in at home, and stays logged in when they leave for work.
- At work, the member logs in and uses Lottery Post just fine.
- Before going home, the member logs off at work.
- When the member goes home, they find their Lottery Post session logged off.
Why was the home PC logged off?
It logged off because when the member logged off at work, the Lottery Post server "turned the dial on the combination lock". It create a new security token for their username.
So when the person went home, their PC at home has the OLD security token, which of course is not valid anymore, so the member is essentially "logged off" as a result of their computer not knowing the new code.
When they login, their computer will be sent the new code.
For the member in the example above, the only way to avoid getting logged off at home would have been to stay logged in at work. i.e., Don't click the Log Off link.
But for me, if I was the member above, I would definitely click the Log Off link and re-log in at home, because I personally prefer the security of knowing that someone cannot copy my cookie and use it to login someplace else.
Hopefully this explanation will help you understand what is happening, and why. I tried to write it in a way that is non-technical. Try not to get thrown off track when you see words like "cookie" and "token". If these word throw you try imagining the concepts using real-world objects that you understand, like I did with the combination lock above.