
Generally websites will delete the login token on their side, leaving hijackers with an invalid token and a 'log in again' page.



Generally, watch out for older sites or sites made by people that haven't learnt much in this area, which may store some kind of account id in place of a key generated on each login. In that case, just because the website invalidated/deleted your cookie, the hijacked cookie would still be good.
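An added illustration of the two schemes the comments above describe, not part of either comment or of any real site's code. The class names and cookie formats are constructed for this example, and password checking is omitted to keep the focus on what logout can and cannot invalidate.

```python
import secrets


class AccountIdCookieSite:
    """Hypothetical weak scheme: the cookie is the account id itself."""

    def __init__(self, accounts):
        self.accounts = set(accounts)

    def login(self, account_id):
        return f"uid={account_id}"  # identical value on every login

    def logout(self, cookie):
        # No per-login state exists server-side, so there is nothing to revoke;
        # the site can only ask the user's own browser to drop the cookie.
        pass

    def whoami(self, cookie):
        account_id = cookie.removeprefix("uid=")
        return account_id if account_id in self.accounts else None


class TokenSessionSite:
    """Hypothetical scheme with a random key generated on each login."""

    def __init__(self, accounts):
        self.accounts = set(accounts)
        self.sessions = {}  # token -> account id, held server-side

    def login(self, account_id):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = account_id
        return f"sid={token}"

    def logout(self, cookie):
        # Deleting the server-side record invalidates every copy of the token.
        self.sessions.pop(cookie.removeprefix("sid="), None)

    def whoami(self, cookie):
        return self.sessions.get(cookie.removeprefix("sid="))


def copied_cookie_survives_logout(site, account_id="alice"):
    """Return True if a copy of the cookie still authenticates after logout."""
    cookie = site.login(account_id)
    copied = cookie  # constructed stand-in for a copy held outside the browser
    site.logout(cookie)
    return site.whoami(copied) is not None
```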



