A warning is spreading across Facebook that claims users should go to their Active Sessions settings in their Facebook account to check for lurking hackers.
Note that for desktop users, the Active Sessions section is the “Where You’re Logged In” section.
An example of the warning can be seen below.
Despite the assertions made in the warning, it is utter nonsense, authored by someone with no understanding of computer security or how website sessions work.
Basically, every time you log-in to your Facebook account from a different browser or difference device, it creates a session that essentially tells Facebook that you’ve logged in. Without an active session you’d likely need to log back into Facebook after clicking every link – not something you’d want to do! An active session doesn’t mean it represents a session that is actively (i.e. currently) on your Facebook account.
You can create more than one session per computer, if you’re using different browsers. You also create sessions via your smartphone if you use it for Facebook. A session remains active unless you specifically log-off Facebook on that device. Simply clicking the Close button on the browser, for example, does not necessarily mean that you’ve logged off Facebook and the session may remain active.
The chances are that you will have more than one active session open, if you use Facebook often. If you don’t recognise a location given for an active session, it is worth noting that Facebook uses approximate locations based on the IP address which are not always accurate, and it’s also worth remembering that the IP address used by a mobile phone can vary depending on where you are. (Read this Facebook community page about unknown locations on active sessions.)
Active sessions rarely mean that someone has access to your Facebook account, and thus the assertion that these sessions are “hackers” in your account is baseless. For the vast majority of us, they will represent locations and browsers that Facebook still considers us logged in to.
Sponsored Content. Continued below...
So the warning is wrong. However on the plus side the advice it gives you isn’t going to play havoc with your account. In fact we do generally recommend closing Active Sessions you don’t recognise, since you are unlikely to need them. Closing an Active Session simply means that the device/browser it corresponds to will need to login again with a username and password.
With that said, if you do notice suspicious locations in your Active Sessions list, such as locations that are far away from you, or indeed in different countries, this could potentially indicate someone has compromised your account, and we would recommend closing the session and consider changing your password.
Also if you have your Facebook account properly secured, then you’ll unlikely need to worry about Active Sessions since anyone trying to access your account from an unknown device will need to enter a verification PIN sent to YOUR phone.