by nathansherburn
374 days ago
Wouldn't frequent reauth be beneficial for stolen sessions? E.g., if you set your session timeouts to ~1 day, then by the time your session cookies are up for sale on the dark web, they will be expired. The article doesn't mention this and it's the main reason I advocate for auth sessions that are as short as practical.