Currently the token can be used from anywhere. It would be possible to store a secret as a cookie so that only the browser initiating the sign in can use the transmitted token. However, this seems like an unlikely threat. The scenario that this seems to fix is an attacker who has not compromised the email but can intercept the email and use it before the user does. This would allow the attacker to access the account.
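The cookie binding proposed above, sketched server-side as an added example (not code from this issue or from the project). The function names, the in-memory store and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not taken from the issue

# Hypothetical store: sha256(token) -> (email, sha256(browser_secret), expiry).
# Only digests are kept, so a leaked store cannot be replayed as-is.
_pending = {}


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def start_sign_in(email: str, now: Optional[float] = None) -> Tuple[str, str]:
    """Return (token for the emailed link, secret for the browser cookie)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    browser_secret = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (
        email, _digest(browser_secret), now + TOKEN_TTL_SECONDS)
    return token, browser_secret


def redeem(token: str, cookie_secret: Optional[str],
           now: Optional[float] = None) -> Optional[str]:
    """Return the email if token and cookie match, otherwise None."""
    now = time.time() if now is None else now
    key = _digest(token)
    entry = _pending.get(key)
    if entry is None:
        return None
    email, secret_hash, expires_at = entry
    if now > expires_at:
        _pending.pop(key, None)
        return None
    # The emailed token alone is not enough: the request must also carry
    # the secret that was set in the browser that started the sign-in.
    if cookie_secret is None or not hmac.compare_digest(
            _digest(cookie_secret), secret_hash):
        # Not consumed here, so a failed attempt from another browser
        # does not lock the real user out of their own link.
        return None
    del _pending[key]  # single use
    return email
```

The secret would be sent as an `HttpOnly; Secure; SameSite=Lax` cookie: with `SameSite=Strict` the browser omits it when the link is opened from a webmail page, and the legitimate redemption would fail.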