this post was submitted on 23 Sep 2023
514 points (95.6% liked)

Memes

45923 readers
1493 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] tdawg@lemmy.world 2 points 1 year ago (1 children)

And what happens next time they load the site?

[–] 7heo@lemmy.ml 3 points 1 year ago* (last edited 1 year ago) (2 children)

If the cookie was saved in any way (maliciously or not: session hijacking, restored backup, etc), they are logged in. That's exactly the problem, thanks for pointing it out.

If they had "logged off" (or closed the session), no amount of cookie resurrection would log them back in: the server would refuse that cookie session the same way it would refuse an expired password.

[–] SnipingNinja@slrpnk.net 1 points 1 year ago (1 children)

What about incognito sessions?

[–] 7heo@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)
[–] SnipingNinja@slrpnk.net 2 points 1 year ago

Yeah, that's what I was curious about, the security issues you mentioned as I wasn't clear in my understanding until now. Thanks.

[–] Catweazle@social.vivaldi.net 1 points 1 year ago (1 children)

@7heo @tdawg, i only keep data from sites which i visit every day, no other, using Site Bleacher, it remove automatically cookies, local storages, IndexedDBs, service workers, cache storages, filesystems and webSQLs from all not whitelisted sites. This keeps clean the browser and HD.

https://github.com/wooque/site-bleacher

Similar alternative

https://github.com/Cookie-AutoDelete/Cookie-AutoDelete

[–] 7heo@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

Yeah, so lemme show you a few tools since we're on the topic of sharing.

  1. Find the tool that tickles your fancy here or here.
  2. Find a target (for this part I won't be giving any links).
  3. Once you have access to your target, run your file recovery tool (winfr, testdisk, etc).
  4. Bring back any and all cookies.
  5. Exfiltrate them using twitter, github, email, whatever.
  6. Congratulations, you now have access to all the (not yet expired) sessions (i.e. accounts) your target ever used, because they follow(ed) the recommendations in the meme of OP and in your comment.

Please log out from apps and websites!