Ole Ole - 1 month ago 9
HTTP Question

How does blogger.com know that it's me?

When I sign in with google and go to

blogger.com
(A google property)
blogger.com
knows that it's me. How does
blogger.com
identify me. Do I have to have visited it at some point and logged in, or does the browser send an identifier set by google to blogger.com?

Answer

The blogger.com main page pulls in an iframe from accounts.google.com where your login session with Google runs

https://accounts.google.com/ServiceLogin?service=blogger&hl=nl&passive=true&go=true&continue=https://www.blogger.com?rinli%3D1

and you'll notice that it does so using the passive=true flag which means that it won't prompt you if you're not logged in but it will silently return the result of this request to the caller, in this case blogger.com.

If you're not logged in the HTTP response is:

Location: https://www.blogger.com?rinli=1

if you are logged in it will be something like:

Location: https://accounts.blogger.com/accounts/SetSID?ssdc=1&sidt=<token>&continue=https%3A%2F%2Fwww.blogger.com%3Frinli%3D1%26pli%3D1%26auth...

where <token> represents your user identity in some Google/Blogger specific format.