>>colone+(OP)
So here is a question: my girlfriend only uses FB on her laptop, and always logs out when she's done. I usually make fun of her for doing this.
But does this mean most of the time that there was no active access token and she is mostly safe? (Excluding the windows of time where she was actively using FB) Do I have to take back all of my teasing?
>>kidsno+r5
This is something I would suspect doesn't actually happen. FB wants to track all of the user's browsing habits, so maybe they just make the actual FB UI look logged out? Security-wise, it would seem to be more complicated by their desire to never let a user be logged out, and looks like it's complicated enough it is biting them in the backside. Oops?!
>>dylan6+Wh
It’s not really that complicated, you have auth tokens and you have tracking tokens, and you wouldn’t want to mix them anyway because you also want to be able to correlate multiple accounts logged in from the same browser over time.