Nemeski@lemm.ee to Technology@lemmy.worldEnglish · 4 months agoFighting cookie theft using device bound sessionsblog.chromium.orgmessage-square8fedilinkarrow-up10arrow-down10
arrow-up10arrow-down1external-linkFighting cookie theft using device bound sessionsblog.chromium.orgNemeski@lemm.ee to Technology@lemmy.worldEnglish · 4 months agomessage-square8fedilink
minus-squaredracs@programming.devlinkfedilinkEnglisharrow-up0·4 months agoI don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.
I don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.