You should keep it secret.
Thanks, that's what I thought. I just found out I've been sharing LoyceBot's session keys since April.I disabled this scraper, then logged out and logged in again. I think I'm good now.
I'll lock this thread soon.
Topic: Session key: can it be abused? (Read 208 times)
I disabled this scraper, then logged out and logged in again. I think I'm good now.
I'll lock this thread soon.
Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time i encounter "Session verification failed". I can also see it being reported multiple times over the years.
Should i be concerned about it and is there anything i can do?
Should i be concerned about it and is there anything i can do?
This is a normal event if you leave a tab open for a long time. No action is needed, just reload the page (from a direct link not a refresh).
Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time i encounter "Session verification failed". I can also see it being reported multiple times over the years.
Should i be concerned about it and is there anything i can do?
Should i be concerned about it and is there anything i can do?
If someone has your session key, they can try CSRF attacks against you until the key expires. You should keep it secret.
If someone gets access to someone else's session key (on Bitcointalk SMF), can that be abused? I've tried to do something with it in a private window, but get this:
Quote
Session verification failed. Please try logging out and back in again, and then try again.
Is this enough to assume there's no risk in leaking a session key, or did I overlook something? Jump to: