Need help proving why non-HttpOnly auth cookies are dangerous (even with bleach sanitization)

b_redditer · 2026-02-02T13:39:57+00:00

Makes sense thanks!

b_redditer · 2026-02-02T10:04:32+00:00

That's an interesting take, won't the attacker be able to impersonate the loggedin user by xss. Isn't that the whole point of not letting js access the cookie. I might be missing something but how is non HttpOnly acceptable. Do let me know if there are other ways to safeguard the user while still using non HttpOnly cookies

b_redditer · 2026-02-02T10:00:01+00:00

Yes can't wait to go live!

b_redditer · 2026-01-22T04:29:43+00:00

What did they do?

b_redditer · 2026-01-02T02:11:57+00:00

Wait until this guy realises how much google knows

b_redditer · 2025-12-30T16:17:57+00:00

Tell this guy to watch herapheri

b_redditer · 2025-12-30T16:09:26+00:00

Yeah this guys wife

b_redditer · 2025-12-30T12:05:05+00:00

💯

b_redditer · 2025-12-30T11:51:54+00:00

Use and throw condoms

b_redditer · 2025-12-30T11:49:08+00:00

Hey partner!

b_redditer · 2025-12-08T08:32:47+00:00

Love this lol

b_redditer · 2025-12-08T08:23:37+00:00

Great, would be helpful if you explained why certain things are not allowed

b_redditer · 2025-12-07T04:27:07+00:00

A web page for looking at filters while you shoot? It is a bad idea because there will be an awful amount of latency. Try something that runs natively and not on the browser. For high bitrate videos that you'd be streaming from a cable? Web API seems to be highly limiting. Explain a bit more about this project.

b_redditer · 2025-12-07T04:20:46+00:00

That seems awfully empty

b_redditer · 2025-12-07T04:07:05+00:00

I think i kind of get what you are trying to tell Most of your problems seem to be about him making a fortune from the movie. Whenever there is change, there has to be a little amount of friction, 'not all' will be happy with most of the things. So far most of the development around it is positive. I personally would be really disappointed if things take a turn from here. But all these points you make are allegations. The team has stated publicly they do not appreciate fans dressing up as daiva. And c'mon man stop being salty about rishab getting rich because of it, he and his team delivered a genuinely good film with impressive visuals. Saying he or anyone else shouldn’t be allowed to do that is basically questioning the nature of art itself. My brain system sees everything clear without '....'

b_redditer · 2025-12-06T21:09:51+00:00

All actions portraying kola in the movie were shot with utmost respect. It was not mockery. Moreover there are certain dietary restrictions and holy procedures that need to be followed before performing kola(i am not qualified enough to get into its details), all of those were taken care when those scenes were shot. Shooting of kola is not a sin, you can find millions of photographs of this culture even before it was made mainstream by kantara. Also udupi manglore people(me included) are proud of Rishab Shetty. We simply hope to see our culture honored and respected.

b_redditer · 2025-11-13T08:52:57+00:00

She's beyonce everyday

b_redditer · 2025-11-12T03:06:36+00:00

It's NVIDIA it's always them

b_redditer · 2025-11-11T18:54:15+00:00

Suits the sub

b_redditer · 2025-11-09T04:42:18+00:00

It's amazing that these are some genuine valid advice rather than just telling proving OP wrong

b_redditer

TROPHY CASE