Closed saadjutt01 closed 2 years ago
Session based authentication is already implemented. Web apps need to access APIs without access token and utilise their valid session.
Access is granted to secured APIs if session is valid.
Need to add CSRF protection to all requests trying to access API with valid session.
Session based authentication is already implemented. Web apps need to access APIs without access token and utilise their valid session.
Access is granted to secured APIs if session is valid.
Intent
Need to add CSRF protection to all requests trying to access API with valid session.
Implementation