REST user authentication

温柔的废话 2020-12-14 04:51

OK... the basic idea is to have SERVER and CLIENT physically separated (two systems).

My idea is to build a stand-alone web service (REST, XML, API-KEY) that will pr

5 answers
  •  清歌不尽
    2020-12-14 05:52

    To your first question: XmlHttpRequest requests to a service will still pass along cookies, which can be used to propagate a session ID. You can even (assuming the end user's browser supports it) mark cookies as 'HttpOnly' to reduce your XSS footprint. See Jeff Atwood's article for some detail on that.
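
The cookie flow described in the answer above, as an added example that is not part of the original post: the service issues the session ID in an HttpOnly cookie, reads it back from the Cookie header the browser attaches to each XMLHttpRequest, and page script never sees it. The cookie name `sid`, the session store, the helper names and all sample values are assumptions constructed for illustration.

```javascript
const SESSION_COOKIE = 'sid'; // hypothetical cookie name

// Set-Cookie value sent after a successful login. HttpOnly is the flag the
// answer refers to; Secure and SameSite are further hardening it does not mention.
function sessionCookie(sessionId) {
  return `${SESSION_COOKIE}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Parse the Cookie request header the browser attaches to an XMLHttpRequest,
// e.g. "theme=dark; sid=abc". Malformed pairs are skipped, first name wins.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq < 1) continue;                       // empty or nameless pair
    const name = pair.slice(0, eq).trim();
    if (!name || jar.has(name)) continue;
    try {
      jar.set(name, decodeURIComponent(pair.slice(eq + 1).trim()));
    } catch { /* bad percent-encoding: ignore this cookie */ }
  }
  return jar;
}

// Server side: map the session ID from the cookie to a stored session, or null.
function authenticate(headers, sessions) {
  const sid = parseCookies(headers.cookie).get(SESSION_COOKIE);
  return sid && sessions.has(sid) ? sessions.get(sid) : null;
}

// Model of what page script can read through document.cookie: the browser
// leaves out every cookie that was set with the HttpOnly attribute.
function scriptVisible(setCookieHeaders) {
  const isHttpOnly = h =>
    h.split(';').slice(1).some(a => a.trim().toLowerCase() === 'httponly');
  return setCookieHeaders
    .filter(h => !isHttpOnly(h))
    .map(h => h.split(';')[0].trim())
    .join('; ');
}

// Constructed sample data: one stored session, two response cookies, one request.
const sessions = new Map([['c0nstructed-session-id', { user: 'alice' }]]);
const responseCookies = [sessionCookie('c0nstructed-session-id'), 'theme=dark; Path=/'];
const xhrHeaders = { cookie: 'theme=dark; sid=c0nstructed-session-id' };

console.log(authenticate(xhrHeaders, sessions)); // session resolved from the cookie
console.log(scriptVisible(responseCookies));     // session cookie is not listed
```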
