this removes encryption from header session id and cookie session id to instead use just signing. this will improve performance while better ensuring packets are from the server and not generated outside of the server.
Will need to add IP Address and Browser meta data and or the ability to get a hash of the SSL Certs exchanged from the browser to the server. this will further improve security.
this removes encryption from header session id and cookie session id to instead use just signing. this will improve performance while better ensuring packets are from the server and not generated outside of the server.
Will need to add IP Address and Browser meta data and or the ability to get a hash of the SSL Certs exchanged from the browser to the server. this will further improve security.