Well, you can't - because of the limitation of the http-protocol, which is based on sending requests to a central of some sort, often called a server 😉
What the server knows, all users requesting material may also know. What the server don't know, no other users may know.
But for other users than yourself to see the data, they must be stored on the server.
The server never contacts the clients on it's own accord - all updates must be fetched by a renewed request for material by the clients - manually, so to speak.
The server never stores any information about a request* either, all connections are severed when the page is loaded (ie. the server scripts has finished writing data to the browser).
So when you "log in" to a web page, you don't even do that. All that's happening is that you send some values with your request, the server processes those values, compares them with values on the server and returns authenticated material. Or not.
It also probably creates a unique value to be stored on the server, and tries to "store" it locally on your client as a cookie.
When the processing of those data is done, the server severes the connection again, and doesn't know who you are on the next request.
The only way to stay inlogged is:
1. Set a cookie with the auth values or sess_id
2. Propagate a session_id through the url
Http-protocol wasn't really made for authenticated requests, that's what's making it so fun to tweak it 😃
knutm :-)
* The server does store some info about requests in the server-log. Unforunately, that info doesn't suffice for authentication.
