sessions.py stores auth.raw_auth (which can contain passwords and tokens) directly in the session JSON file under ~/.config/httpie/sessions/. post_process_data only handles cookies and headers but leaves the auth block as-is.
Anyone with read access to the user's config directory can extract credentials from session files.
sessions.py stores auth.raw_auth (which can contain passwords and tokens) directly in the session JSON file under ~/.config/httpie/sessions/. post_process_data only handles cookies and headers but leaves the auth block as-is.
Anyone with read access to the user's config directory can extract credentials from session files.