florgon / api

🔧 Core API for our Ecosystem (including services, SSO). 👨‍💻 Deployed and used in production. 📗 Documented with swagger.
https://api.florgon.com/v1/docs
Other
27 stars 4 forks source link

Session token does not have check for client (client host, client user agent) #91

Closed kirillzhosul closed 2 years ago

kirillzhosul commented 2 years ago

Checks should be same with access token. As session token is more important for security (can create another access token, suitable for cookie stealing).