Well, I don't know what else to say about this:

> It is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely, unless the user changes their password. This is because the session cookie has the same lifetime as the password.

[Impossible to Maintain Secure Session With Twitter.com Web Interface](http://seclists.org/fulldisclosure/2010/Apr/430)

> This cookie works even after the user logs out using the http://twitter.com/logout action, and even after the user logs back in again to start a new session. The only way to invalidate this cookie is to change the user's password, which results in a new, equally long-lived password_token value.

m(

May 04 2010

© https://www.bananas-playground.net 2000 - 2025
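The behaviour quoted above, modelled next to a session design where logout actually revokes the cookie. This is an added example, not code from the advisory or from Twitter; the class names, the HMAC-based token construction and the sample user are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

KEY = secrets.token_bytes(32)  # constructed server secret for this demo

class PasswordBoundAuth:
    """Model of the quoted behaviour: the cookie depends only on the password."""
    def __init__(self):
        self.pw = {}
    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.pw[user] = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
    def login(self, user):  # password check omitted; only token issuance is modelled
        return hmac.new(KEY, user.encode() + self.pw[user], "sha256").hexdigest()
    def logout(self, user, token):
        pass  # no server-side record exists, so there is nothing to revoke
    def valid(self, user, token):
        return hmac.compare_digest(token, self.login(user))

class SessionStoreAuth:
    """Hardened form: random per-login ID backed by a server-side record."""
    def __init__(self, ttl=3600):
        self.ttl, self.sessions = ttl, {}
    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, now + self.ttl)  # absolute expiry
        return sid
    def logout(self, sid):
        self.sessions.pop(sid, None)  # the cookie value is dead from here on
    def change_password(self, user):
        # A password change ends every session the user still has open.
        self.sessions = {s: v for s, v in self.sessions.items() if v[0] != user}
    def valid(self, sid, now=None):
        now = time.time() if now is None else now
        rec = self.sessions.get(sid)
        return rec is not None and now < rec[1]

def demo():
    old = PasswordBoundAuth()
    old.set_password("alice", "pw1")       # constructed sample account
    cookie = old.login("alice")
    old.logout("alice", cookie)
    after_logout = old.valid("alice", cookie)      # still accepted
    old.set_password("alice", "pw2")
    after_pw_change = old.valid("alice", cookie)   # only now rejected
    new = SessionStoreAuth()
    sid = new.login("alice")
    new.logout(sid)
    return after_logout, after_pw_change, new.valid(sid)
```
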