Expired cookies trigger auth token intercept #140

Closed
bcbee opened this issue Dec 14, 2018 · 2 comments
Labels: awesome-report (Awesome job on reporting an issue), bug (Something isn't working)

Comments


bcbee commented Dec 14, 2018

Hey There!

I was creating Phishlets and noticed that the site was using an anti-pattern cookie clear pattern where they would set the cookie to be expired, but they also set the value to INVALID instead of "". This results in "all authorization tokens intercepted!" and a premature redirect.

Is there any objection to ignoring expired cookies when evaluating whether an auth token has been captured? Maybe we could make this a setting if there is a case where this is intended behavior (can't think of one).

Thanks!
Brendan

@kgretzky
Owner

Thanks for the PR! I will look into that. At first glance the fix looks good.

@kgretzky added the bug (Something isn't working) and awesome-report (Awesome job on reporting an issue) labels Dec 14, 2018

bcbee commented Oct 2, 2020

Hey @kgretzky, just checking in on this one. Is the PR I submitted good to go?
