
One of the most common high-impact issues is failing to expire sessions. In one case, the expiration date was set to be a whole year - once a user had a valid JWT, the system would accept it for a whole year, even if the user's account was deactivated on day 2.
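The failure mode described in the comment above, as an added example that is not part of the original comment or of any system it refers to: a validator that checks only the signature and `exp` keeps accepting a one-year token after the account is deactivated, while a stricter validator also caps token lifetime and consults server-side account state. The key, the 15-minute `MAX_TTL` policy and the `ACTIVE` account store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed secret, demo only
MAX_TTL = 15 * 60               # assumed policy: tokens live at most 15 minutes
DAY = 86400
ACTIVE = {"alice": True}        # hypothetical server-side account store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(sub, iat, ttl):
    """Issue an HS256 token whose exp is iat + ttl seconds."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "iat": iat, "exp": iat + ttl}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def _claims(token, now):
    """Return the claims if the signature is valid and exp is in the future."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        return claims if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def verify_weak(token, now):
    # Signature and exp only: the token is trusted for its whole lifetime.
    return _claims(token, now) is not None

def verify_hardened(token, now):
    claims = _claims(token, now)
    if claims is None:
        return False
    iat = claims.get("iat")
    if not isinstance(iat, int) or claims["exp"] - iat > MAX_TTL:
        return False                                  # lifetime exceeds policy
    return bool(ACTIVE.get(claims.get("sub"), False)) # account must still be active
```

Setting `ACTIVE["alice"] = False` after minting a 365-day token leaves `verify_weak` returning `True` for the rest of the year, while `verify_hardened` rejects both that token and any short-lived one for the deactivated account.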

