Facebook rolls out infinite session ids by Acidus at 5:52 pm EDT, Apr 3, 2007
To improve the user experience for your application, we've added support for session keys that don't expire. This means that users will only have to log in to Facebook once for your application.
... holy shit, you have to be kidding me.
To take advantage of infinite sessions, your application should permanently store a user's session key and include it in method calls. You won't ever need to establish a new session on behalf of that user, unless the user explicitly logs out of your application. To see infinite sessions in action, check out the Facebook Exporter for iPhoto - once logged in to Facebook for the first time, users should never have to log in again.
Ok, follow the idiot bread crumbs here. First Facebook turns down $800 million. Now they are just asking to get 0wn3d with their "infinite" sessions. I never thought I'd use the words "wet dream" and XSRF in the same sentence but this is a wet dream for anyone wanting to write a Facebook XSS or XSRF worm. Makes you wonder exactly how many bong hits did Mark Zuckerberg do at Harvard?
RE: Facebook rolls out infinite session ids by Eliot at 3:56 am EDT, Apr 4, 2007
Write a paper and I'll give you the dev.facebook shirt I got at SXSW. Then you'll have something to wear during the talk.
RE: Facebook rolls out infinite session ids by Acidus at 12:34 pm EDT, Apr 4, 2007
Eliot wrote: Write a paper and I'll give you the dev.facebook shirt I got at SXSW. Then you'll have something to wear during the talk.
HAHA! On the day after I put a Hackaday sticker on my car (picture coming soon) Eliot joins Memestreams! Why oh why are you encouraging me to pursue a life of crime Eliot? [registers for Facebook...]
RE: Facebook rolls out infinite session ids by JimShoe at 11:53 am EDT, Apr 4, 2007
I know for a fact that you can run JavaScript code on the edit page of your profile. It only runs once, but it does run, at least it did as of Outerz0ne. I believe it was somewhere in the "about me" section.