by y4mi
3204 days ago
That sounds like a security nightmare... talking from experience: some sites also map the cookie to a browser id, making a migration useless. It just causes your session to get invalidated. You can test this yourself because it's pretty easy to 'import' cookies between browsers on the same PC. Or it was the last time I tried it.

Anyways, yeah I thought about binding auth cookies to some kind of persistent hash, although I'm not sure what it could be... IPs change (laptops moving), so do user agents (browser upgrades)... I guess I'll need to test this!
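
An added sketch of the binding idea discussed in this thread (not code from either commenter): a session tag computed over a coarse browser fingerprint stays valid across version upgrades and network changes, while an exact IP plus User-Agent hash does not. The key, function names and User-Agent strings are constructed for illustration, and the choice of browser family plus OS as the "persistent" input is an assumption.

```python
import hashlib
import hmac
import re

SERVER_KEY = b"constructed-demo-key"  # assumption: per-deployment secret, constructed here

# Order matters: Edge UAs contain "Chrome/", Chrome UAs contain "Safari/",
# Android UAs contain "Linux", iOS UAs contain "Mac OS X".
BROWSERS = (("edge", r"Edg/"), ("chrome", r"Chrome/"),
            ("firefox", r"Firefox/"), ("safari", r"Safari/"))
SYSTEMS = (("windows", r"Windows NT"), ("android", r"Android"),
           ("ios", r"iPhone|iPad"), ("macos", r"Mac OS X"), ("linux", r"Linux"))

def _first_match(table, user_agent):
    for name, pattern in table:
        if re.search(pattern, user_agent):
            return name
    return "other"

def coarse_fingerprint(user_agent):
    """Browser family and OS only, so a version bump does not change the result."""
    return f"{_first_match(BROWSERS, user_agent)}|{_first_match(SYSTEMS, user_agent)}"

def _tag(message):
    return hmac.new(SERVER_KEY, message.encode(), hashlib.sha256).hexdigest()

def naive_bind(session_id, ip, user_agent):
    """Exact binding: breaks when the laptop moves networks or the browser upgrades."""
    return _tag(f"{session_id}|{ip}|{user_agent}")

def bind(session_id, user_agent):
    """Tag stored server-side next to the session when it is created."""
    return _tag(f"{session_id}|{coarse_fingerprint(user_agent)}")

def check(session_id, user_agent, stored_tag):
    """True if the presenting browser matches the family/OS the session was issued to."""
    return hmac.compare_digest(bind(session_id, user_agent), stored_tag)

# Constructed sample User-Agent strings.
FF_120 = "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0"
FF_121 = "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
CHROME = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")

if __name__ == "__main__":
    tag = bind("s1", FF_120)
    print("after upgrade:", check("s1", FF_121, tag))           # same family and OS
    print("imported into Chrome:", check("s1", CHROME, tag))    # different family
```

The User-Agent header is supplied by the client, so this check works as a tripwire for cookies that turn up in a different browser, not as proof of which device is presenting them.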