Uhh, that sounds bad. Accounts could very easily be lost and it sounds like there’s one token that can be used, meaning if the token is stolen that person has full access over their account. I would recommend just using normal accounts and also having a token pair, one for accessing the site that expires after a short amount of time and one that refreshes the session with a different token, also detect token re-use and all of that.
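The token pair recommended in the comment above, as an added example that is not part of the thread or of any site's code: a short-lived access token, a refresh token that is swapped for a new pair on every use, and revocation of the whole session when an already-rotated refresh token shows up again. The class and function names, the TTL values and the in-memory dictionaries standing in for a database are assumptions.

```python
import hashlib, secrets, time

ACCESS_TTL = 300          # assumed: 5-minute access token
REFRESH_TTL = 14 * 86400  # assumed: 14-day refresh token

class ReuseDetected(Exception):
    """A refresh token that was already rotated was presented again."""

def _h(token):
    # Store only hashes so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenService:  # hypothetical name, in-memory storage for illustration
    def __init__(self, now=time.time):
        self.now = now
        self.access = {}      # hash -> (user, family, expires_at)
        self.refresh = {}     # hash -> {"user", "family", "exp", "used"}
        self.revoked = set()  # session families ended after reuse

    def _issue(self, user, family):
        a, r = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        t = self.now()
        self.access[_h(a)] = (user, family, t + ACCESS_TTL)
        self.refresh[_h(r)] = {"user": user, "family": family,
                               "exp": t + REFRESH_TTL, "used": False}
        return a, r

    def login(self, user):
        # Called after the password check; each login starts a new family.
        return self._issue(user, secrets.token_hex(8))

    def check_access(self, token):
        rec = self.access.get(_h(token))
        if not rec or rec[1] in self.revoked or rec[2] <= self.now():
            return None
        return rec[0]

    def rotate(self, token):
        rec = self.refresh.get(_h(token))
        if not rec or rec["family"] in self.revoked or rec["exp"] <= self.now():
            raise PermissionError("invalid refresh token")
        if rec["used"]:
            # Replay of a rotated token: someone holds a stolen copy, so
            # end the whole session and force a fresh login.
            self.revoked.add(rec["family"])
            raise ReuseDetected(rec["user"])
        rec["used"] = True
        return self._issue(rec["user"], rec["family"])
```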

This was a conversation about a website that doesn’t seem to exist anymore

Were you talking about Bundle or some other site?

riverbox, it was like Bundle but before

I legit have no idea about what I was talking about here. Your password and username were saved in localStorage and that was basically the entire auth system. Bundle uses a better system now.
