Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>a mandatory re-auth

which, if the persons password is saved in their browser, would pass through to the website, granting a re-auth.



Oh, I misunderstood what you meant as the session token still being active.

I got you now. I've been using 3rd party password managers (with a timeout for a forced reauth) long enough that I forgot when you let the browser do it it's not nearly so locked down.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: