• dracs
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    I don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.