Hacker News new | ask | show | jobs
by gcr 4672 days ago
It already is a server-side thing.

This post shows how to steal that session/token/ticket after the authentication step.

What are you proposing?
1 comments
tlrobinson 4672 days ago
In that case this is no worse than stealing a cookie for a site which required 2FA, which presumably requires local access.
link