• Daniel@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      3
      ·
      1 year ago

      Fair point, I made the meme to be silly, and, yes, this is one of the many reasons why tokens in general should expire after some point in time.

      Also the meme isn’t wrong, memes don’t need logic, they’re supposed to give people a giggle.

      • 7heo@lemmy.ml
        link
        fedilink
        arrow-up
        9
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Well yes, it does make people giggle, but memes are a serious form of communication now, they are used a lot, and are even used in psyops.

        So, making a meme that spreads misinformation in 2023 is among the most efficient ways to do so, especially if it does so implicitly and insidiously (by establishing two nonequivalent propositions as “equivalent” in the premise, like here).

        And, so, in that context, I argue that it is wrong, and I might add, harmful. It’s nothing against you personally or your “memeability”. It just reinforces the idea of a falsehood that undoes user education infosec professionals have been pushing for years.

        • Daniel@lemmy.mlOP
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          3
          ·
          1 year ago

          To be Frank, who I am not (I’m Hai), I can’t tell if you’re a troll or not. Although, if you’re not, my meme is not “wrong” or spreading misinformation it contains a logical fallacy, as many jokes do. I can list jokes that contain logical fallacies upon request.

    • NightAuthor@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Look at this guy over here, nerding out about the WiFi.

      Jk, glad to find someone in the comments correcting the misinformation in the meme. OP is probably a hacker who likes to do session hijacking.

    • redcalcium@lemmy.institute
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      JWT sounds great on paper until you have to deal with logout and revocations. Might as well use standard session cookies.

      • 7heo@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        It is a great idea, but like most implementations using cryptography in new applications with novel concepts (like cryptocurrencies), it’s half assed, and people are so eager to release and use it that they forego any simulation, testing and staging of their design; so we only get to find about any shortcomings, inefficiencies, or even design mistakes, once said tech has become big and popular (and consequently, a pain to fix and patch).

    • 4am@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah you really should do both. Some session cookies can just be used as tracking cookies later.

      • 7heo@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Just start with closing the session, eh? Otherwise the app won’t know what session to close.

        And hopefully when the session is destroyed on the server, the app also deletes the client cookie. Assuming there will never be any server bugs, so that keeping the previous SessionIDs around on the client is “no problem”, sounds like your average “famous last words” occurrence.

  • mle@feddit.de
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    Automatically clear cookies on browser exit, only whitelist the couple of websites you use regularly.

    Has the added benefit of making tracking cookies fairly (but not completely) useless

      • archchan@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        That’s still good practice but first party cookies aren’t exactly trustworthy either. IMO, best to whitelist what you trust and use, permablock what you don’t, and auto-wipe the rest.

          • Daniel@lemmy.mlOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Cookies used by the site, third party would be cross origin.

            (I think)

              • 0xD@infosec.pub
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                To be precise, first-party and third-party just means whether the cookie set is for the domain you are currently on, or for another one. The latter do not have to be tracking cookies, but are often used as such. You can see the cookies that your browser is storing for a specific site by visiting it and looking at them in the developer tools (Storage or Application tab, depending on browser). Under the “domain” column you can see what domain it is for.

                Furthermore, there you can look at the Local Storage and Session Storage tables which are also often used to store tracking data but are not prevented by cookie deletion.

  • Izzy@lemmy.ml
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Only ever using private windows and then alt F4ing to automatically delete all session data.

    • ShustOne@lemmy.one
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      These days you’ll need to clear localStorage, sessionStorage, and localDb to really do this. The rise in tokens means some sites only use those.