Change cookie when it has been used #77

Open
malx122 opened this issue Nov 21, 2018 · 0 comments

malx122 commented Nov 21, 2018

It is common practice that a "signin" cookie should only work once, then it should be replaced with another one. Otherwise someone can steal your cookie and use it to spam multiple sessions in parallel with yours without any chance for you to notice.

If it is replaced every time it is used, someone could still steal the latest one. But they will need to use it fast, and when they have used it, yours will no longer work, so there is at least a chance it can be noticed. It also makes brute-force attacks harder.
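An added example, not part of the issue or of the project's code: a minimal in-memory sketch of a sign-in cookie that is replaced on every use. The class name `RotatingLoginTokens`, the `series:token` cookie layout and the dict-backed store are assumptions made for illustration; revoking the whole series when a stale token is replayed goes one step beyond what the issue asks for and is what turns "yours will no longer work" into a detectable event.

```python
import hashlib
import hmac
import secrets


class RotatingLoginTokens:
    """In-memory store of single-use sign-in cookies (hypothetical helper)."""

    def __init__(self):
        self._series = {}      # series id -> (user, sha256 of the current token)
        self.alerts = []       # series ids where a stale token was replayed

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, series=None):
        """Create a cookie value 'series:token'; only the token hash is stored."""
        series = series or secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        self._series[series] = (user, self._digest(token))
        return f"{series}:{token}"

    def redeem(self, cookie):
        """Return (user, replacement_cookie), or (None, None) if rejected."""
        series, _, token = cookie.partition(":")
        record = self._series.get(series)
        if record is None:
            return None, None                      # unknown or revoked series
        user, expected = record
        if not hmac.compare_digest(expected, self._digest(token)):
            # Known series, wrong token: an already-used cookie was replayed,
            # so either the owner or a thief holds a stale copy. Revoke it all.
            del self._series[series]
            self.alerts.append(series)
            return None, None
        return user, self.issue(user, series)      # rotate: old token is now dead


def demo():
    store = RotatingLoginTokens()
    first = store.issue("alice")                   # constructed sample user
    stolen = first                                 # copy taken before first use
    user, second = store.redeem(first)             # legitimate use rotates it
    replay = store.redeem(stolen)                  # stale copy is rejected
    after = store.redeem(second)                   # series revoked after replay
    return user, replay, after, len(store.alerts)
```

A real deployment would persist the series table, expire entries, and force a fresh password login whenever `alerts` gains an entry.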
