• CaptainBasculin
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    8 months ago

    Isn’t this what WebAuthn already does? Why introduce a new protocol when another one does the job well?

    • dracs@programming.dev
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 months ago

      I don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.