View As


Just a few months ago, Facebook announced in a security update that a "security issue" had affected over 50M users' accounts, following up thereafter with additional technical details. If you have a Facebook account, you might recall being forcibly logged out around then, which was a defense mechanism, if belated; you can also check if attackers gained access to information associated with your Facebook account.

Answer the below in view.md, each in no more than two sentences in your own words.

Questions

  1. (2 points.) What’s an access token?

  2. (2 points.) What bugs enabled attackers to obtain, potentially, your access token?

  3. (2 points.) Why, presumably, did Facebook forcibly log users out?

  4. (2 points.) How do session cookies (e.g., Flask’s) differ from access tokens?

Debrief

  1. Which resources, if any, did you find helpful in answering this problem’s questions?

  2. About how long, in minutes, did you spend on this problem’s questions?