How would you suggest to identify users if you don't use fb_sig_user? Or is there some extra information you can use to determine if it's forged?
Facebook adds a hidden input with a cookie, which most applications seem to use without trouble to verify the ID of the user posting. Most of the wall applications we've tested will detect when you try to do this and give some error like "you must log in."Presumably there is some API developers can use to verify the login information.
doesnt seem to work anymore. what about editing fb_sig_session_key - the user's id is listed in there also. even editing that didnt do it ... still posting as me
pin:215CF8B1 TW: @Sagolnm GAME OVER - Sago (Prod. By 24Hstudios)Youtube:http://www.youtube.com/watch?v=fBD3fU4g6Vo
Post a Comment