Alphabay security issue

I noticed after opening Tor a day later that I was still signed into Alphabay. This means the exit node owner could scrape the php session id, allowing them to control the account. An easy solution is to logout. Though, I question the sites security in general.


Comments


[4 Points] zomgtoraway:

This means the exit node owner could scrape the php session id, allowing them to control the account.

You do realize that AlphaBay is a hidden service and that exit nodes have nothing to do with them, right?


[3 Points] None:


[2 Points] Theeconomist1:

Agora was the same way. I remember being too lazy to have to pull up Keepass to log back. A cookie expiration would do the trick.


[1 Points] alphabaysupport:

Your cookie is valid for a day, so this means that you were using the same browser, same cookies, and same user agent. You should clear your cookies between browsing sessions, on every site.


[1 Points] None:

durrrrrr


[1 Points] god_send:

Hm, that happens everytime I load up DHL.

Should I fix this?