floatplane
commented
4 months ago A reasonable improvement is probably to concatenate the remote IP address and the password, hash that and store it in the cookie. Then you can verify that the cookie seems valid for each request.
I don't think we need weapons grade security here.
Just set a cookie to
M2MSESSIONID=1and you're in 🙄https://github.com/floatplane/mitsubishi2MQTT/blob/41f5cfd9b22088fa098c1f014593f8ea38104f0d/src/main.cpp#L1962-L1972