Facebook rolls out infinite session ids


Acidus
Topic: Technology 5:52 pm EDT, Apr  3, 2007

To improve the user experience for your application, we've added support for session keys that don't expire. This means that users will only have to log in to Facebook once for your application.

... holy shit, you have to be kidding me.

To take advantage of infinite sessions, your application should permanently store a user's session key and include it in method calls. You won't ever need to establish a new session on behalf of that user, unless the user explicitly logs out of your application. To see infinite sessions in action, check out the Facebook Exporter for iPhoto - once logged in to Facebook for the first time, users should never have to log in again.

Ok, follow the idiot bread crumbs here. First Facebook turns down $800 million. Now they are just asking to get 0wn3d with their "infinite" sessions. I never thought I'd use the words "wet dream" and XSRF in the same sentence, but this is a wet dream for anyone wanting to write a Facebook XSS or XSRF worm.

Makes you wonder exactly how many bong hits Mark Zuckerberg did at Harvard.
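
The session-lifetime issue above, as an added example (not code from this post or from Facebook): a server-side session table where a TTL of `None` models the never-expiring key and bounded TTLs model the alternative. The class and function names, the 30-day and 1-day limits, and the user "alice" are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

DAY = 86400  # seconds

@dataclass
class Session:
    user: str
    issued: float
    last_seen: float
    revoked: bool = False

class SessionStore:
    """Hypothetical session table; a TTL of None means the key never expires."""
    def __init__(self, absolute_ttl=None, idle_ttl=None):
        self.absolute_ttl = absolute_ttl
        self.idle_ttl = idle_ttl
        self._sessions = {}  # sha256(key) -> Session, so a table leak does not leak keys

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, user, now):
        key = secrets.token_urlsafe(32)
        self._sessions[self._digest(key)] = Session(user, now, now)
        return key

    def logout(self, key):
        s = self._sessions.get(self._digest(key))
        if s:
            s.revoked = True  # explicit logout is the only exit under a None/None policy

    def validate(self, key, now):
        """Return the user name if the key is still acceptable, else None."""
        s = self._sessions.get(self._digest(key))
        if s is None or s.revoked:
            return None
        if self.absolute_ttl is not None and now - s.issued > self.absolute_ttl:
            return None  # hard cap on lifetime, regardless of activity
        if self.idle_ttl is not None and now - s.last_seen > self.idle_ttl:
            return None  # unused for too long
        s.last_seen = now
        return s.user

def replay_accepted(store, days_later):
    """Constructed scenario: a key issued at t=0 is presented again days_later days on."""
    key = store.issue("alice", now=0)
    return store.validate(key, now=days_later * DAY) == "alice"
```

With both TTLs left at `None`, a key copied out of an application's storage remains usable until the user explicitly logs out; with bounded TTLs the same key stops working on its own.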
