undefined | Better HN

0 pointsseabee15y ago0 comments

Generally websites will delete the login token on their side, leaving hijackers with an invalid token and a 'log in again' page.

0 comments

robryan15y ago

Generally, watch out for older sites or sites made by people that haven't learnt much in this area which may store some kind of account id in place of a key generated on each login. In that case just because the website invalidated/deleted your cookie the hijacked cookie would still be good.

j / k navigate · click thread line to collapse

0 pointsseabee15y ago0 comments

Generally websites will delete the login token on their side, leaving hijackers with an invalid token and a 'log in again' page.

0 comments

robryan15y ago

j / k navigate · click thread line to collapse