by dns_snek
781 days ago
> and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).

Unless you explicitly logged out, they're likely to see the opposite picture, i.e. numerous "valid" sessions (as opposed to active) that haven't been used for varying lengths of time because you logged in, but from their perspective, you never logged out. You just cleared your cookies, which means the session is still "valid", even if it's inaccessible to you because the session cookies have been cleared from your device.

I don't know if they take any of this into account but as you've pointed out, assuming that the rightful owner of the account must have access to a different session is a huge assumption to make.