blob: cfe8ea275ad1f45d9f0458483bf1bb114ad098a4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# NoSession
[](https://modrinth.com/mod/nosession/)<br>
[](https://www.curseforge.com/minecraft/mc-mods/nosession)<br>
<br>
NoSession is a mod that protects your session ID.
## Does this make me perfectly safe?
This mod doesn't make you 100% safe, but it makes it much harder to steal your session token. If you want to stay perfectly safe, look at the
[staying safe section](#staying-safe)
## Staying Safe
In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar, so it can load its protection before any other mods.<br>
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.<br>
Don't log in with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with [pandaninjas' GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key) if the release is v1.1.0 or earlier, and signed with [this key](https://raw.githubusercontent.com/thefightagainstmalware/NoSession/main/releasesigner.asc) if the release is later than v1.1.0
See [ILikePlayingGames' SkyblockModSafety guide](https://github.com/ILikePlayingGames/SkyblockModSafety) for other information
## Support
Support is provided in [The Fight Against Malware's discord server](https://discord.gg/TWhrmZFXqb)
## Bug bounty
See [SECURITY.md](SECURITY.md)
## Features
- Does not break existing token login methods
## Contributing
All pushes to the main branch *must* be signed with a cryptographic key. See https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key and https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account for how
|
