Psyf
commented
5 years ago Cookie TTL moved to 30 minutes. Still susceptible. Can't secure without HTTPS.
Closed Psyf closed 5 years ago
Psyf
commented
5 years ago Cookie TTL moved to 30 minutes. Still susceptible. Can't secure without HTTPS.
The cookie session used in Passport maybe susceptible to replay attacks since we're using insecure channels. Have to secure it.
Take note @teojunjie, because you might be interested in this CS2107 problem.