Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The code persists Douyin authentication cookies to a local JSON file and reuses them for future authenticated sessions, but it does not provide an explicit user warning or consent flow about long-lived session storage. Although it sets restrictive file permissions afterward, session cookies are still sensitive bearer credentials, and local persistence increases the risk of account takeover if the host, workspace, backups, or adjacent tooling are compromised.
