In case you are using my nginx-sso authentication provider, please upgrade to version v0.24.1 ASAP.
Previous versions did not initialize the secure cookie correctly, so an attacker might be able to forge a login cookie and thereby bypass your login.
The fix is included in release v0.24.1, for which a binary release as well as updated Docker containers are available.
Thank you very much for finding and fixing the bug, @nyanloutre!
Please note: All users are logged out automatically once after the update to v0.24.1 - this is expected and confirms your cookie is now set correctly.