Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Very concerning that while my session was terminated in my browser my iPhone and iPad apps are still authenticated. Shouldn't those sessions have been invalidated too?


most apps use xAuth, which means your password isn't sent down the wire except for the very first time you authenticate.


I still killed all my oauth tokens, since they can be replayed




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: