I work in digital marketing. Since I log into website admin pages several times a day, I have used almost every CMS, from WordPress to Shopify to GodoMall and Gnuboard.

However, sometimes I have a rather strange experience. I clearly press the 'logout' button, but about 30 minutes later, when I enter the admin address again, the dashboard opens directly without a login screen. This happens especially often in Chrome.

I am a bit concerned about security, but it turns out this is not such a strange phenomenon.

First of all, logging into a website is not as simple as 'I logged in, done!'; several pieces of information are exchanged behind the scenes.

Usually, the login state is maintained with something called a 'session cookie', which is stored in the browser.

And session cookies are supposed to disappear when the browser is closed, right?

However, modern browsers are a bit different. Browsers like Chrome and Edge temporarily remember session cookies even if you close a tab or even the browser itself. So, the login state does not disappear immediately.

Another interesting point is that even if we think we have 'logged out', the server may still be maintaining the session.

In systems with many plugins like WordPress, even if you press the logout button, the session information remaining on the server can last for several minutes to several tens of minutes. Especially if the 'Remember Me' feature is enabled, it will last even longer.

It is also common for servers to set the session timeout to about an hour, so it is not particularly unusual.

To sum up: the login state is maintained by a session cookie, and the browser remembers that cookie for a certain period. So even after you log out, if the server does not completely terminate the session, you can open the admin page again without logging in.

That's why it is quite common to be able to reconnect within an hour. Of course, for sites where security is important, it would be safer to set a shorter session duration or to delete cookies upon closing the browser.
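
The behaviour described above, as an added example (not code from any CMS mentioned here): a toy Python session store comparing a logout that only clears the browser cookie with one that also deletes the server-side session. The `sid` cookie name, the class and function names, and the one-hour idle timeout are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 3600  # assumed one-hour idle timeout, as mentioned in the text


class SessionStore:
    """Toy server-side session table: session id -> (user, last_seen)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl, self.clock, self.sessions = ttl, clock, {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)      # value placed in the session cookie
        self.sessions[sid] = (user, self.clock())
        return sid

    def authenticate(self, sid):
        """Return the user if the cookie value maps to a live session."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if self.clock() - last_seen > self.ttl:
            del self.sessions[sid]           # expired: drop server-side state
            return None
        self.sessions[sid] = (user, self.clock())  # sliding idle timeout
        return user

    def logout_cookie_only(self, sid):
        """Weak logout: only asks the browser to forget the cookie."""
        return {"Set-Cookie": "sid=; Max-Age=0"}   # server record untouched

    def logout_invalidate(self, sid):
        """Proper logout: destroy the server record, then clear the cookie."""
        self.sessions.pop(sid, None)
        return {"Set-Cookie": "sid=; Max-Age=0"}


def demo():
    now = [0.0]                              # constructed clock for the demo
    store = SessionStore(clock=lambda: now[0])
    kept = store.login("admin")              # cookie value the browser still holds
    store.logout_cookie_only(kept)
    now[0] += 30 * 60                        # 30 minutes later
    weak = store.authenticate(kept)          # session is still accepted
    store.logout_invalidate(kept)
    strong = store.authenticate(kept)        # same cookie is now rejected
    return weak, strong
```

If the browser keeps or restores the old cookie value, only the second logout stops it from opening the dashboard before the timeout runs out.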

If you are worried about this issue, it may be a hassle, but you can access important admin pages in 'Chrome Incognito Mode'.

Incognito mode automatically deletes cookies and cache when the browser is closed, so you must log in again to access the admin page. This definitely seems better for security.

If you have ever thought, "Huh? I clearly logged out, but why am I logged back in?" like me, check the session settings of your browser and server.

A real logout is something shaped by our everyday habits :)