Comment by thayne
5 years ago
The mitigations suggested are easier said than done. In particular, domains can't share cookies which means switching domains likely means logging out any users that are logged, and losing any local settings. Likewise splitting your site between different domains makes it much more difficult to share state (such as whether you are logged in) between the sites.
No comments yet
Contribute on Hacker News ↗