After I requested removal of my Coursera account through support (because I wasn't able to remove it through the web interface) and they sent me an email saying that my account was deleted, I was still logged in.

The only change was the user name (to "Deleted Account").

The email was still there, and I even changed my email, and when it asked for a password... it showed that the password was correct, and I even received a notification on a second email.

Support told me something about "just clean cookie", lol. Sure, that's how it works ¯\_(ツ)_/¯

Just to let you know that it looks like Coursera does not remove anything.


Wow welcome to proper web app design 🤦‍♂️

@kravietz, and I'm still able to reuse the old cookie (I've saved the curl command with developer tools), and the command clearly shows that my password is still in the database, because if I call the API for account removal with the right password it returns one error code, and if the password is wrong then it returns "errorCode: Unauthorized".


I was just thinking about it and the only situation when this cookie could indeed work would be if their auth is based on client-stored JWT. But this is clearly not the case with Coursera as they have pretty extensive user profiles etc.

Maybe they have some kind of internal identity management solution that is separate from the main web app, which is managed separately, which is the reason for at least temporary retention even if you delete your account.

In any case, it's messy :)
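
Added example (not from the thread and not Coursera's code): a minimal sketch of the client-stored-token case mentioned above, showing why a signature-only check keeps accepting a token after the account is deleted, and how a server-side account lookup closes that gap. The signing key, account store and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"          # constructed signing key, demo only
ACCOUNTS = {"u1": {"status": "active"}}   # constructed server-side account store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_token(user_id: str, ttl: int = 3600) -> str:
    """Sign a JWT-like token (payload.signature) that lives only on the client."""
    payload = _b64(json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode())
    sig = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def _claims(token: str):
    """Return the claims if signature and expiry check out, else None."""
    payload, _, sig = token.partition(".")
    expected = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims if claims["exp"] > time.time() else None

def verify_stateless(token: str) -> bool:
    """Signature and expiry only: the account store is never consulted."""
    return _claims(token) is not None

def verify_with_account_check(token: str) -> bool:
    """Same checks, plus the account must still exist and be active."""
    claims = _claims(token)
    if claims is None:
        return False
    account = ACCOUNTS.get(claims["sub"])
    return account is not None and account["status"] == "active"

def delete_account(user_id: str) -> None:
    ACCOUNTS.pop(user_id, None)

def demo():
    """Verify one token before and after the account is deleted."""
    token = issue_token("u1")
    before = (verify_stateless(token), verify_with_account_check(token))
    delete_account("u1")
    after = (verify_stateless(token), verify_with_account_check(token))
    return before, after

if __name__ == "__main__":
    print(demo())
```

With a purely stateless check the old token stays valid until `exp`; the per-request account lookup (or a revocation list keyed on session id) is what makes deletion take effect immediately.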

