Netflix doesn't log out other open sessions with password change

Brian H · Jan 24, 2014 · Viewed 27.7k times

I've recently been doing a bit of web development so I've been thinking more about authentication and stuff. On Netflix I noticed there is an extra option on the Account page to de-authorize other devices. My girlfriend changed her password but I was still able to use it without re-entering the password till she logged out other devices.

So my question is how does authentication for Netflix work if it doesn't have to locally store your password?

Answer

DaImTo · Jan 24, 2014

Netflix uses a version of Open authentication to allow a device to access an account. Once the device has been authorized, it will then have access to that account until it has been deauthorized.

Changing the password doesn't matter because the device already has authorization, probably in the form of a refresh token stored someplace. So it's not storing a password; it's storing an authorization token of some kind.

Let's use Facebook as an example (response to comment below):

https://www.facebook.com/settings?tab=applications

This shows a list of all the crap I have logged in to using my Facebook account. Now, I have probably changed my Facebook password several times; it won't matter, I will still have access. Some of these are mobile apps I have installed on my cellphone at one time or another. Even if I don't use them, they still have access.
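
The token model described in the answer above, as an added sketch that is not part of the original post and not Netflix's or Facebook's actual implementation. The class, method names and the `revoke_devices` option are hypothetical; the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import secrets


class AccountStore:
    """Toy in-memory account with per-device tokens (hypothetical names)."""

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._devices = {}  # sha256(token) -> device name; raw tokens are never stored

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def authorize_device(self, name, password):
        """The password is checked once; the device keeps only the returned token."""
        if not hmac.compare_digest(self._pw_hash, self._hash(password)):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._devices[hashlib.sha256(token.encode()).digest()] = name
        return token

    def token_valid(self, token):
        return hashlib.sha256(token.encode()).digest() in self._devices

    def deauthorize_all(self):
        """The 'de-authorize other devices' button: drop every issued token."""
        self._devices.clear()

    def change_password(self, old, new, revoke_devices=False):
        if not hmac.compare_digest(self._pw_hash, self._hash(old)):
            raise PermissionError("bad password")
        self._pw_hash = self._hash(new)
        if revoke_devices:  # hardened behaviour: a password change ends all sessions
            self.deauthorize_all()


def demo():
    acct = AccountStore("old-pass")
    tv = acct.authorize_device("tv", "old-pass")
    acct.change_password("old-pass", "new-pass")
    after_change = acct.token_valid(tv)    # token does not depend on the password
    acct.deauthorize_all()
    after_deauth = acct.token_valid(tv)    # explicit revocation is what ends access
    phone = acct.authorize_device("phone", "new-pass")
    acct.change_password("new-pass", "newer-pass", revoke_devices=True)
    return after_change, after_deauth, acct.token_valid(phone)


if __name__ == "__main__":
    print(demo())
```
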