monofuel
commented
7 years ago We should also put the api key into localstorage and not as a cookie.
we can set the api key as a header when initializing the websocket connection, and refactor how logging in and registering works. Move all the login/register junk to REST calls, and require authorization to connect on websocket.
I already use Oauth on japura.net and on ffxivmc, we should use Oauth for login on badmars.