Where better to store sessionId? I call some method from api, get sessionId and where should I save it, in cookies or localstorodzhe? When entering the site, I check if it lies in the cookies / storehouse. If yes, then immediately authorize the user, skipping the authorization process.
- Do you have access to javascript access to session id? - Visman
- Yes. I receive it from the back end in some kind of cached type AAguNHuaJsbFoCvRrBcHaaaaahVkfUPdHVqjo - werty
- and I need to save it somewhere - werty
- and when entering the page, I call the new method on the client, opting out this sessionId in the request. if everything is ok, then let the user on the page - werty
- oneSession id should be transmitted by the server to the browser as cookie. And the browser will automatically send it to the server with each request. In this case, a cookie must be set to deny access to it via javascript. Otherwise, any js script uploaded to the page in the browser will lead you to the session id. - Visman
|
1 answer
Session id should be transmitted by the server to the browser as a cookie and the browser will automatically send it to the server upon each request. In this case, a cookie must be set to deny access to it via javascript, otherwise any js script uploaded to the page in the browser will lead you to the session id .
Reply from @Visman
Alexandr Tovmach Alexandr Tovmach
2,054 2 3 24
|