NoSession is a mod that protects your session ID.
This mod doesn't make you 100% safe, but it makes it much harder to steal your session token. If you want to stay perfectly safe, look at the staying safe section
In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar, so it can load its protection before any other mods.
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.
Don't log in with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with pandaninjas' PGP key if the release is v1.1.0 or earlier, and signed with this key if the release is later than v1.1.0
See Angry_Pinapple's Hypixel forum post for more information
Support is provided in The Fight Against Malware's discord server
See SECURITY.md
- Does not break existing token login methods
All pushes to the main branch must be signed with a cryptographic key. See https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key and https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account for how