https://security.stackexchange.com/questions/51294/json-web-tokens-jwt-as-user-identification-and-authentication-tokens
http://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
https://news.ycombinator.com/item?id=11895440 (Masterpiece)
One more explanation of how the SESSION_ID is passed from the client up to the server:
Consider the first case. Each client gets a random ID that lasts for the duration of the session - which could be several days if you like. Then you store the information relevant to that session somewhere server side. It could be in a file or a database. Let's suppose you pass the ID via a cookie but you could use the URL or an HTTP header.
That is, besides a cookie, the browser/client can also send it in an HTTP header or in the URL (GET?).
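To make the quoted mechanism concrete, here is an added example (my own code, not from the post or any of the linked threads) of an opaque server-side session store whose ID may be carried by cookie, HTTP header or URL query parameter; the names SESSION_COOKIE, SESSION_HEADER, SESSION_PARAM and SessionStore are assumed.

```python
# Added example (not from the post or the linked threads): an opaque server-side
# session store whose ID may arrive by cookie, HTTP header or URL query parameter.
# SESSION_COOKIE, SESSION_HEADER, SESSION_PARAM and SessionStore are assumed names.
import secrets
import time
from urllib.parse import parse_qs, urlparse

SESSION_COOKIE = "sid"
SESSION_HEADER = "X-Session-Id"
SESSION_PARAM = "sid"
SESSION_TTL = 3 * 24 * 3600  # "several days", as in the quoted explanation

class SessionStore:
    """Random IDs map to server-side state; the client only ever holds the ID."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 random bits: unguessable, carries no data
        self._sessions[sid] = {"user": user, "expires": time.time() + SESSION_TTL}
        return sid

    def lookup(self, sid):
        s = self._sessions.get(sid)
        if s is None or s["expires"] < time.time():
            self._sessions.pop(sid, None)  # expired: discard server-side state
            return None
        return s

def extract_session_id(headers, url):
    """Return (sid, channel): cookie first, then header, then URL as last resort.
    URL ranks last because query strings land in logs, history and Referer headers."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE and value:
            return value, "cookie"
    if headers.get(SESSION_HEADER):
        return headers[SESSION_HEADER], "header"
    q = parse_qs(urlparse(url).query)
    if q.get(SESSION_PARAM):
        return q[SESSION_PARAM][0], "url"
    return None, None

def authenticate(store, headers, url):
    """Resolve a request to its user through the store, or None if no valid session."""
    sid, _channel = extract_session_id(headers, url)
    session = store.lookup(sid) if sid else None
    return session["user"] if session else None
```

Whichever channel carries it, the ID itself holds no user data; everything of interest lives in the store, which is exactly what distinguishes this from a self-contained JWT.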
https://softwareengineering.stackexchange.com/questions/298973/rest-api-security-stored-token-vs-jwt-vs-oauth