
I wonder if there's another way to solve this problem. For example, a plug-in that would store cookies as opposed to passwords - and then "populate" a new session with existing cookies to log you in transparently.



That sounds like a security nightmare...

Talking from experience: some sites also map the cookie to a browser id, making a migration useless. It just causes your session to get invalidated.

You can test this yourself because it's pretty easy to 'import' cookies between browsers on the same PC. Or it was the last time I tried it.


More of a security nightmare than passwords? Maybe, though I can't see why...

Anyways, yeah I thought about binding auth cookies to some kind of persistent hash, although I'm not sure what it could be... IPs change (laptops moving), so do user agents (browser upgrades)... I guess I'll need to test this!
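The binding discussed in the comments above, sketched from the server's side as an added example that is not part of the thread or any commenter's code: a session is tied to a keyed hash of chosen client attributes and invalidated on mismatch. The `browser_id` and `user_agent` attributes, `SERVER_KEY`, and the in-memory `SESSIONS` store are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)   # hypothetical server-side secret
SESSIONS = {}                          # session id -> session record


def binding(attrs: dict, fields: tuple) -> str:
    """Keyed hash over the client attributes a session is tied to."""
    msg = json.dumps([attrs.get(f, "") for f in fields]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def login(user: str, attrs: dict, fields: tuple = ("browser_id",)) -> str:
    """Create a session and remember which client it was issued to."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "fields": fields,
                     "binding": binding(attrs, fields)}
    return sid


def authenticate(sid: str, attrs: dict):
    """Return the user, or None after invalidating a mismatched session."""
    session = SESSIONS.get(sid)
    if session is None:
        return None
    presented = binding(attrs, session["fields"])
    if not hmac.compare_digest(session["binding"], presented):
        del SESSIONS[sid]              # cookie arrived from another client
        return None
    return session["user"]


# Constructed sample clients (not real traffic).
OLD = {"browser_id": "b-1111", "user_agent": "ExampleBrowser/1.0"}
UPGRADED = {"browser_id": "b-1111", "user_agent": "ExampleBrowser/2.0"}
OTHER = {"browser_id": "b-2222", "user_agent": "ExampleBrowser/1.0"}
```

Binding only to `browser_id` survives a browser upgrade, while adding `user_agent` to `fields` logs the user out on every upgrade, which is the trade-off raised in the last comment.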



