Monday, April 29, 2019

Where in the front end is it best to store a JSON Web Token (JWT)?

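1. Storing a JSON Web Token (JWT) in localStorage/sessionStorage is not recommended: JavaScript injected through an XSS attack can read it easily.
2. The JWT can be stored in an HttpOnly cookie. Generally, if the back end uses even a simple framework, that framework will have a way to prevent Cross-site request forgery (CSRF) attacks from making use of the cookie.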
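
The sketch below is an added example, not code from the original post. It shows the server side of point 2: the JWT goes into an HttpOnly cookie, and a double-submit CSRF token (one common mechanism a framework might use, assumed here) guards state-changing requests. The cookie names `session` and `csrf`, the `X-CSRF-Token` header, and all function names are assumptions.

```javascript
// Added example; all function and cookie names here are illustrative.
// JWT signature/expiry verification is assumed to happen elsewhere.

// HttpOnly keeps the JWT out of document.cookie, so injected script cannot
// read it the way it can read localStorage/sessionStorage.
function sessionCookie(jwt, maxAgeSeconds) {
  return `session=${encodeURIComponent(jwt)}; Max-Age=${maxAgeSeconds}; ` +
         'Path=/; HttpOnly; Secure; SameSite=Lax';
}

// The CSRF token cookie is deliberately NOT HttpOnly: same-origin page script
// must read it and echo it in a request header (double-submit pattern).
// The token itself is assumed to come from a CSPRNG on the server.
function csrfCookie(token) {
  return `csrf=${encodeURIComponent(token)}; Path=/; Secure; SameSite=Lax`;
}

function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    try {
      out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
    } catch { /* skip values with malformed percent-encoding */ }
  }
  return out;
}

// Length check plus XOR accumulation avoids an early exit on first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// headers: lower-cased request header names, as Node's http module provides.
function isRequestAllowed(method, headers) {
  const cookies = parseCookies(headers['cookie']);
  if (!cookies.session) return false;                 // no JWT cookie at all
  if (SAFE_METHODS.has(method.toUpperCase())) return true;
  // A forged cross-site request can neither read the csrf cookie nor set
  // this header, so a state-changing request without a match is refused.
  const sent = headers['x-csrf-token'];
  return Boolean(cookies.csrf) && constantTimeEqual(cookies.csrf, sent);
}
```

HttpOnly only stops script from reading the token; the CSRF check is what keeps the automatically attached cookie from being used by another site's request.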

