[LINK] Millions of LinkedIn passwords leaked online

Martin Barry marty at supine.com
Fri Jun 8 17:21:59 AEST 2012


$quoted_author = "Craig Sanders" ;
> 
> it may still have a valid session cookie or similar.

But surely when a password is invalidated and/or changed you should also
invalidate all existing session cookies? Or is that asking too much of the
"geniuses" in charge of security?

cheers
Marty



More information about the Link mailing list