Hi,
Not directly related to OAuth at this time but we are investigating
alternatives to session cookies. I am asking about coding additional
approaches to thwart browsers' (Firefox) restored session cookies that our
bank's users are objecting to. We don't want to change browser settings. I
know that this is widely discussed but haven't seen a general approach.
Since protocols like OAuth may use tokens based on timestamps, we could use
an approach like this to have a second factor of authentication.
How do I prevent old session cookies that are restored by browsers from
replaying an attack? What additional cookies or tokens can I code?
Can I look at any part of the source code to understand this?
Thanks,
Mohan