Posted Nov 18, 2010 0:52 UTC (Thu) by bfields
In reply to: Password takeover
Parent article: Gathering session cookies with Firesheep
Try it. Go to Facebook, and try to change your email address or your password without re-entering your password.
You'll find it doesn't let you, even though you've given it a session cookie. And that's by design....