Closed tony-kerz closed 10 years ago
hi fred,
wondering if you have considered accounting for xsrf at all in this scheme?
regards, tony.
Hi Tony :) Optimally you should be using HTTPS to prevent session hijacking. The measures taken in the application as of now are simply setting a CSRF cookie using Express.