expired
Fair point, I made the meme to be silly, and, yes, this is one of the many reasons why tokens in general should expire after some point in time.
Also the meme isn’t wrong, memes don’t need logic, they’re supposed to give people a giggle.
expired
To be Frank, who I am not (I’m Hai), I can’t tell if you’re a troll or not. Although, if you’re not, my meme is not “wrong” or spreading misinformation it contains a logical fallacy, as many jokes do. I can list jokes that contain logical fallacies upon request.
Bruh, pointing out that “you’re spreading out misinformation as a joke” isn’t trolling. I’d recommend going out to touch grass, but given how thin your skin is, I am afraid you’re at aggravated risks of third degree burns from the slightest sun exposure, even during a cloudy day. So I’ll recommend for you to wear a thick coat and go see a dermatologist instead.
P.S.: nice pun, I loled.
Look at this guy over here, nerding out about the WiFi.
Jk, glad to find someone in the comments correcting the misinformation in the meme. OP is probably a hacker who likes to do session hijacking.
Not a hacker, just a silly goofball.
JWT sounds great on paper until you have to deal with logout and revocations. Might as well use standard session cookies.
expired
Fr my thoughts exactly
And what happens next time they load the site?
expired
What about incognito sessions?
Depends on your (actually, their, for example if it implies ephemeral server sessions) definition of “incognito”. But if you mean “incognito” as in “private browsing”, it makes no difference (as it has no server side impact whatsoever).
A file is a file, a remote database entry is a remote database entry. You need both gone (and securely deleted, as in
srm(1), to be really and irredeemably logged off).Admittedly, secure deletion doesn’t really matter on the server side, as restoring deleted files require filesystem level access on the server, and if an attacker has that, you’ve got other things to worry about.
Yeah, that’s what I was curious about, the security issues you mentioned as I wasn’t clear in my understanding until now. Thanks.
@7heo @tdawg, i only keep data from sites which i visit every day, no other, using Site Bleacher, it remove automatically cookies, local storages, IndexedDBs, service workers, cache storages, filesystems and webSQLs from all not whitelisted sites. This keeps clean the browser and HD.
https://github.com/wooque/site-bleacher
Similar alternative
Yeah, so lemme show you a few tools since we’re on the topic of sharing.
- Find the tool that tickles your fancy here or here.
- Find a target (for this part I won’t be giving any links).
- Once you have access to your target, run your file recovery tool (
winfr,testdisk, etc). - Bring back any and all cookies.
- Exfiltrate them using twitter, github, email, whatever.
- Congratulations, you now have access to all the (not yet expired) sessions (i.e. accounts) your target ever used, because they follow(ed) the recommendations in the meme of OP and in your comment.
Please log out from apps and websites!
Yeah you really should do both. Some session cookies can just be used as tracking cookies later.
expired
Automatically clear cookies on browser exit, only whitelist the couple of websites you use regularly.
Has the added benefit of making tracking cookies fairly (but not completely) useless
what if I already block all third party cookies? is there a point?
That’s still good practice but first party cookies aren’t exactly trustworthy either. IMO, best to whitelist what you trust and use, permablock what you don’t, and auto-wipe the rest.
so what exactly are first party cookies?
Cookies used by the site, third party would be cross origin.
(I think)
https://termly.io/resources/articles/first-party-cookies-vs-third-party-cookies/
here’s what I found
tldr: first party coolies are used to enhance your experience, with staff like login info and ur shopping cart. third party tracks you. wither way, imma start clearing most cookies from now on
To be precise, first-party and third-party just means whether the cookie set is for the domain you are currently on, or for another one. The latter do not have to be tracking cookies, but are often used as such. You can see the cookies that your browser is storing for a specific site by visiting it and looking at them in the developer tools (Storage or Application tab, depending on browser). Under the “domain” column you can see what domain it is for.
Furthermore, there you can look at the Local Storage and Session Storage tables which are also often used to store tracking data but are not prevented by cookie deletion.
Only ever using private windows and then alt F4ing to automatically delete all sessions.
This is what I do
I have a script called cookie_monster.sh
Can you post it here, or link to a git?
Doesn’t work on every sites, weirdly enough
These days you’ll need to clear localStorage, sessionStorage, and localDb to really do this. The rise in tokens means some sites only use those.
deleted by creator
fuckin hate that drake meme
shows up on a sunny day
“I fucken hate the rain!”
