Explore >> Select a destination
|
You are here 
|
brockallen.com | ||
| | | | |
neilmadden.blog
|
|
| | | | | In XSS doesn't have to be Game Over, and earlier when discussing Can you ever (safely) include credentials in aURL?, I raised the possibility of standardising a new URL scheme that safely allows encoding a bearer token into a URL. This makes it more convenient to use lots of very fine-grained tokens rather than one... | |
| | | | |
www.rasikjain.com
|
|
| | | | | Here are three scenarios for implementing authentication workflows. Internet Applications (Public facing) For internet web applications and APIs, Session based (SessionID cookie) and Token Based (JWT) Authentication can be implemented. Session Based: Implemented for a majority of traditional and stateful web applications. Once the user is authenticated, A Session state is created and stored in an external State server or SQL database. The Session state is identified by a unique SessionID.... | |
| | | | |
www.sjoerdlangkemper.nl
|
|
| | | | | Cookies are typically sent to third parties in cross origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. This post will describe the same-site cookie attribute and how it helps against CSRF. | |
| | | | |
www.github.com
|
|
| | | my blog, with astro. Contribute to Krayorn/blog development by creating an account on GitHub. | ||
