I learned that for session-based authentication, the session ID is normally stored in the browser's cookie and will be sent back to the server on each request.
And I guess there are multiple avenues for sending session IDs (cookies, headers, request bodies, URLs, etc.). So what are the implications or tradeoffs for storing session IDs in cookies or HTTP headers or request bodies or even URLs?
from Where should we store session Ids