security - Using JWT instead of Cookie on SSL enabled site -


instead of using cookie i'm using jwt token gets send every request. every request post request token not saved in browser's history.

it's single-page app.

the token looks like:

{     userid: 12345678,     expires: <unix timestamp>,     otherinfo: <something> }

everything ssl secured. token created on server when user logs on.

would way replace cookie or see flaws?

no, not solution. using cookies (with httponly flag) cross-request persistence not optional - it's way safely store session credentials, in such way on-page javascript code cannot access directly.

this essential prevent eg. session stealing in xss attack, ensuring scripts cannot access credentials, can still used in requests server.

your use of jwt doesn't seem solve problem, either - why can't use session cookies using existing session implementation? kind of thing precisely they're made for.


Comments

Post a Comment

Popular posts from this blog

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more