Coffee shop MITM is precluded by proper implementation of https by browser. Don't need another browser feature to deal with it.
-
-
stealing cookie from a workstation left unlocked for a couple minutes while someone gets coffee
-
Why wouldn't you just install malware? Then you can use the cookie as much as you like. I really feel like there is no good answer to this. The httponly comparison is the best argument I've heard, and it's not super convincing.
- 8 more replies
New conversation -
-
-
preventing the replay of OAuth tokens from one API to another (admittedly a non browser case)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.