Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
ars
on March 1, 2017
|
parent
|
context
|
favorite
| on:
Quantifying the Impact of “Cloudbleed”
On sites I write, I hash the hash of the current password into the session key. That way if you change your password all sessions are invalid, even if you change your password to itself.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
