top | item 44189270

(no title)

grrowl | 9 months ago

I remember back in the day you could embed <img src="http://someothersite.com/forum/ucp.php?mode=logout"> in your forum signature and screw with everyone's sessions across the web

discuss

lobsterthief|9 months ago

Haha I remember that. The solution at the time for many forum admins was to simply state that anyone found to be doing that would be permabanned. Which was enough to make it stop completely, at least for the forums that I moderated. Different times indeed.

sedatk|9 months ago

Or you could just make the logout route POST-only. Problem solved.

anthk|9 months ago

jbverschoor|9 months ago

It's essentially the same, as many apps use HTTP server + html client instead of something native or with another IPC.