cookie-jar is visible to public

ErikDeBruijn / TeslaFTW

Pebble v2.0 App to control your Tesla Model S/X or hopefully soon, Model III.

GNU General Public License v3.0

11 stars 7 forks source link

cookie-jar is visible to public #1

Closed hjespers closed 10 years ago

hjespers commented 10 years ago

You might want to add 'cookie-jar' into your .gitignore so as not to expose your Tesla authentication cookies on the public internet.

ErikDeBruijn commented 10 years ago

Thanks for notifying me!! Actually I'm unaware of an option to revoke a token. I've logged on again, which should regenerate it, but I'm not sure whether I should prevent access to the car for the time being (from inside the car)? I'll do that as a precaution for now...

hjespers commented 10 years ago

I don't think you can revoke a tesla portal token and once generated they work for quite a while (30-90 days I think).

ErikDeBruijn commented 10 years ago

I ended up changing the password (just to see if it mattered) and then the existing token seems to have stopped working. Tesla confirmed that the tokens should become revoked.