fcpguru 7 days ago

Where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and we Yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.

7bit 7 days ago | parent [-]

Why is that relevant? We are at OAuth 2.0. Who cares about what was 17 years ago?

fcpguru 7 days ago | parent | next [-]

I guess it's not. Just past trauma. I had to talk about it. Better now.

brabel 7 days ago | parent | prev [-]

2.1 is just around the corner.

ted_dunning 7 days ago | parent [-]

And 2008 is still 17 years ago.

brabel 7 days ago | parent [-]

What??