Stealing user session with open-redirect bug in RailsIs open redirect bad for your website? If we don't take into account "phishing", how can be open redirect dangerous? Mind reading http://homakov.blogspot.com/2013/03/redirecturi-is-achilles-heel-of-oauth.html because any redirect to 3rd party website will leak facebook access_tokens of your users. So innocent open redirect on logout will simply reveal access_token of current user when we set redir
