Bulletproof Sessions: Secure Session Handling Without Cookies (tudorconstantin.com)
As if there weren't enough session handling mechanisms (session IDs in each URL, cookies, HttpOnly cookies, JWT tokens in the request header), let me introduce you to a novel one: having a service worker that intercepts and cryptographically signs all the requests to the origin.
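The mechanism described above, as an added example that is not code from the linked article: a service worker signs each same-origin request with a non-extractable ECDSA key, and the server verifies the signature. The `x-session-*` header names, the signed-string layout, the 30-second replay window and all function names are assumptions made for illustration.

```javascript
// Added example. Header names and the signed-string layout are assumptions.
const subtle = globalThis.crypto ? globalThis.crypto.subtle : require("node:crypto").webcrypto.subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
// extractable=false: page script cannot export the private key.
const newSessionKey = () => subtle.generateKey(ALG, false, ["sign", "verify"]);

// Bytes that get signed: method, path+query, timestamp, nonce, body hash.
async function canonical(method, url, body, ts, nonce) {
  const u = new URL(url);
  const hash = b64(await subtle.digest("SHA-256", body));
  const parts = [method.toUpperCase(), u.pathname + u.search, ts, nonce, hash];
  return new TextEncoder().encode(parts.join("\n"));
}

async function signRequest(privateKey, method, url, body, ts, nonce) {
  const data = await canonical(method, url, body, ts, nonce);
  const sig = await subtle.sign(SIG, privateKey, data);
  return { "x-session-ts": String(ts), "x-session-nonce": nonce, "x-session-sig": b64(sig) };
}

// Server-side check: reject stale or replayed requests, then verify.
async function verifyRequest(publicKey, method, url, body, h, now, seen, maxSkewMs = 30000) {
  const ts = Number(h["x-session-ts"]), nonce = h["x-session-nonce"];
  if (!Number.isFinite(ts) || Math.abs(now - ts) > maxSkewMs) return false;
  if (!nonce || seen.has(nonce)) return false;
  const data = await canonical(method, url, body, ts, nonce);
  const ok = await subtle.verify(SIG, publicKey, unb64(h["x-session-sig"] || ""), data);
  if (ok) seen.add(nonce);
  return ok;
}

// Service worker wiring; skipped when the file runs outside a worker.
if (typeof ServiceWorkerGlobalScope !== "undefined") {
  // In-memory for brevity; workers restart, so persist the CryptoKey in IndexedDB.
  const keys = newSessionKey();
  self.addEventListener("fetch", (event) => {
    const req = event.request;
    if (new URL(req.url).origin !== self.location.origin) return; // own origin only
    event.respondWith((async () => {
      const body = new Uint8Array(await req.clone().arrayBuffer());
      const h = await signRequest((await keys).privateKey, req.method, req.url, body, Date.now(), crypto.randomUUID());
      const headers = new Headers(req.headers);
      for (const [k, v] of Object.entries(h)) headers.set(k, v);
      return fetch(new Request(req, { headers }));
    })());
  });
}
```

The server needs the session's public key before it can verify anything; how that key is registered (for example at login) is outside this example.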