Mark presented a subset of the "We Fight for the User's...Session" talk at the Boulder Ruby meetup in April 2026
Key thoughts are:
- What are possible strategies to keep stolen session tokens from being used by attackers?
- Microsoft's Token Binding proposal (2016)
- Google's Device Bound Session Credentials proposal (2024)
Download Slides