From Theresa's Wiki
Jump to navigation Jump to search

The .TOADSECURITY cookie is a browser cookie used by the Toad Town Online website to store user sessions in a web browser. Its content is a hash that is used by the website to determine what user account the user agent is logged in. This means that if a user can be tricked through social engineering into revealing the content of this cookie; users who are aware of it can log into the account of the user by creating a cookie named “.TOADSECURITY” with the content revealed by the user. The hash used by the .TOADSECURITY cookie is only valid for a limited time.

Users who gave away their .TOADSECURITY must immediately change their password, log out, and log back in. Logging in will create a new .TOADSECURITY cookie.