I have built a system where, after a user successfully logs in to a website, an encrypted cookie is set with the user ID (UUID in the DB) and a token.
To prevent cookie theft, the token is regenerated on each and every request the browser sends, and the cookie is updated/replaced.
On each request, the back-end verifies the token in the encrypted cookie against the token stored in the DB for that user account; if they don't match, the user is signed out.
I stumbled on a big issue last night. The connection was wonky and requests didn't reach the server, so I ended up hammering away multiple requests, and when one finally reached the server, the token got updated (as it should), and the other requests in the queue then had the wrong token, and I was signed out.
My question is, how do I prevent this?
One solution I came up with is to not regenerate the token on each user-made request, but instead automatically send an AJAX request with JavaScript every ~5 minutes to regenerate the token.
Grateful for any thoughts! Have a great day!
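As an added example (not the poster's code), here is a Python model of the per-request rotation that replays three queued requests all carrying the same login-time token: first with the strict matching the post describes, then with a short grace window in which the immediately previous token is still accepted. The in-memory store and the grace-window mitigation are assumptions made for the illustration.

```python
import secrets
import time


def _tokens_match(a, b):
    """Constant-time comparison that tolerates None or odd client input."""
    if not isinstance(a, str) or not isinstance(b, str):
        return False
    return secrets.compare_digest(a.encode(), b.encode())


class SessionStore:
    """Stand-in for the DB row holding each user's current token (assumption)."""

    def __init__(self, grace_seconds=0.0):
        self.grace = grace_seconds
        self.current = {}    # user_id -> token currently stored "in the DB"
        self.previous = {}   # user_id -> (old_token, accepted_until)

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self.current[user_id] = token
        return token

    def handle_request(self, user_id, presented, now=None):
        """Verify the cookie token and rotate it.

        Returns the token the response cookie should carry, or None when the
        token does not match and the user must be signed out.
        """
        now = time.monotonic() if now is None else now
        current = self.current.get(user_id)
        if _tokens_match(presented, current):
            # Normal path: rotate, remembering the old token for the grace window.
            new = secrets.token_urlsafe(32)
            self.current[user_id] = new
            self.previous[user_id] = (current, now + self.grace)
            return new
        prev = self.previous.get(user_id)
        if prev is not None and _tokens_match(presented, prev[0]) and now < prev[1]:
            # A request queued before the rotation arrived late: accept it and
            # re-send the current token so the client catches up. No second
            # rotation here, so several late requests all converge on `current`.
            return current
        # Mismatch outside the grace window: sign out, as the poster's system does.
        self.current.pop(user_id, None)
        self.previous.pop(user_id, None)
        return None


def simulate_queued_requests(grace_seconds, queued=3):
    """Replay `queued` requests that all carry the login-time token."""
    store = SessionStore(grace_seconds)
    t0 = store.login("user-1")
    return [store.handle_request("user-1", t0, now=1.0) for _ in range(queued)]
```

With a grace window a stolen cookie stays usable for that window even after the legitimate browser has rotated, so it should be kept to seconds, not minutes, and the rotated token should still be bound to the same encrypted cookie and account.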