
How does Stack Overflow's login system work?

I'm implementing a login system very similar to that of Stack Overflow in one of my websites.

When we log in to Stack Overflow, it creates a cookie named usr with some value.

If I delete this cookie, I will be logged out...

So, all that I can think is that it uses something like sessions, but in the database, to record the user sessions.

Is this right? Is it secure?


It's much like any other properly built login/session system. When you log in, the SO system generates a pseudo-random string to identify you uniquely - the session ID, which gets sent out via a cookie. When you return, the cookie is sent back to SO.

SO then takes the value in the cookie, looks up in its session system (could be flat files, could be a database, you just can't tell), finds the session represented by that session ID, and loads it up to process the request.

Deleting the cookie severs the link between you and the site - on your next visit, the session cookie (which you deleted) isn't sent, so SO has no way of identifying you, so it assumes a brand new user, and doesn't show you any of the "logged in" portions of the site.
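
The flow described in the answer above, as an added Python example (not part of the original answer and not Stack Overflow's actual code). The in-memory dict, the one-hour lifetime, storing only a hash of the ID, and the cookie attributes are assumptions of this sketch; the cookie name usr is taken from the question.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3600  # seconds; lifetime assumed for this sketch

def _key(session_id):
    # Keep only a hash server-side, so a leaked table yields no usable cookies.
    return hashlib.sha256(session_id.encode()).hexdigest()

def _session_id(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["usr"].value if "usr" in jar else None

class SessionStore:
    """In-memory stand-in for the session table (flat files or a database)."""
    def __init__(self, clock=time.time):
        self._rows = {}  # sha256(session id) -> (user_id, expires_at)
        self._clock = clock

    def login(self, user_id):
        """Create a session; return the Set-Cookie header value."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[_key(session_id)] = (user_id, self._clock() + SESSION_TTL)
        cookie = SimpleCookie()
        cookie["usr"] = session_id
        cookie["usr"].update({"httponly": True, "secure": True, "path": "/",
                              "samesite": "Lax", "max-age": SESSION_TTL})
        return cookie["usr"].OutputString()

    def user_for(self, cookie_header):
        """Map a request's Cookie header to a user id, or None if anonymous."""
        session_id = _session_id(cookie_header)
        if session_id is None:
            return None  # cookie deleted or never set: treated as a new visitor
        row = self._rows.get(_key(session_id))
        if row is None:
            return None  # unknown or guessed id
        user_id, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[_key(session_id)]  # expired: drop the row as well
            return None
        return user_id

    def logout(self, cookie_header):
        """Server-side logout: the id stops working even if the cookie survives."""
        session_id = _session_id(cookie_header)
        if session_id is not None:
            self._rows.pop(_key(session_id), None)
```

Deleting the cookie in the browser only removes the client's copy of the ID; `logout` is what invalidates the session on the server.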
