epicspongee

joined 1 year ago
[–] [email protected] 2 points 1 year ago

Yes, recently you took many steps backwards especially in Florida and the problems are real, but it is still a better situation than just a few years ago.

Tell me you're not following news in Florida without telling me you're not following news in Florida.

Seriously, it is just annoying at this point. It is ridiculous that you believe that you are somehow special and won’t be prosecuted by dictators like Putin, killed by Stalin for “anti communist behavior” etc.

Quite literally nobody is saying this. But to be completely fair, Cuba, a communist state, currently has better protections for LGBTQ+ people than any state in the US. ESPECIALLY Florida.

[–] [email protected] 0 points 1 year ago (2 children)

Why are you commenting on this thread when you're not a member of the server?

[–] [email protected] 2 points 1 year ago (1 children)

Why would a ton of conservatives commandeer an explicitly leftist instance, and why would a ton of conservatives have a bunch of pronouns in their bios + trans emotes

[–] [email protected] 8 points 1 year ago

I’m kinda disgusted by the amount of Russia apologia and pro war sentiment generally.

Where are you seeing this. Do you have links? I've seen people mentioning this a lot but have never seen any of this content personally.

[–] [email protected] 1 points 1 year ago (1 children)

It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user’s cookie (it’s a JWT thing).

This is false.

Lemmy's JWTs are forever tokens that do not expire. They do not have any expiration time. Here is the line of code where they disable JWT expiration verification.

Lemmy's JWTs are sent via a cookie and via a URL parameter. Pop open your browser console and look at it.

There is no way to revoke individual sessions other than changing your password.

If you are using a JWT cookie validation does not matter, you need to have robust JWT validation. Meaning JWTs should have short expiration times (~1hr), should be refreshed regularly, and should be sent in the header.

1250
AmeriRule (lemmy.blahaj.zone)