silverpill on Nostr: sapphire Tadano Access token can be stolen from local storage if frontend has XSS ...
sapphire (nprofile…s0yr) Tadano (nprofile…v9yr) Access token can be stolen from local storage if the frontend has XSS vulnerabilities. Also, people may log in from someone else's device and then forget to log out.
I don't know what the optimal value is; that's why it is configurable. But I think a session that expires in 1 month or even in 1 year is strictly better than a forever session.
Published at 2024-12-13 19:12:51

Event JSON
{
  "id": "d81623b81ad255a49773590b4634ceda2930edd27994cff80a9df5e74ee23888",
  "pubkey": "6a5f35dc281276c30c527e1240ef6bad3ef27bcf92b4fef017dc7f5a5c31e5ec",
  "created_at": 1734117171,
  "kind": 1,
  "tags": [
    [
      "p",
      "6715e34f62b174aec0243a64ecd1bfdd10708b19d40b4157e208906fa0851f4a",
      "wss://relay.mostr.pub"
    ],
    [
      "p",
      "ffcd2b5036870eb1b6fe0fc767a880efa68e5893503728fdd2024f99cf55f225",
      "wss://relay.mostr.pub"
    ],
    [
      "e",
      "a66d94cf5229e4c0361c9e63e7435ba4ec8fb88cfea81a85cd973b43b00f043b",
      "wss://relay.mostr.pub",
      "reply"
    ],
    [
      "proxy",
      "https://mitra.social/objects/0193c170-222d-762f-2cac-14ebdcaf1a24",
      "activitypub"
    ]
  ],
  "content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqvu27xnmzk962aspy8fjwe5dlm5g8pzce6s95z4lzpzgxlgy9ra9qr4s0yr nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqllxjk5pksu8trdh7plrk02yqa7ngukyn2qmj3lwjqf8enn647gjs9dv9yr Access token can be stolen from local storage if frontend has XSS vulnerabilities. Also people may log in from someone else's device and then forget to log out.\n\nI don't know what is the optimal value, that's why it is configurable, but I think a session that expires in 1 month or even in 1 year is strictly better than forever session.",
  "sig": "f8bfdd10a4a93017a0444016268e4a838a88596a226f417379baed868eec3ffa34a88a4ee0297ef8a3fa549a1841071fc67ac447e616bb2791eec07c28b9b331"
}