|
|
|
|
|
|
by bottled_poe
3829 days ago
|
|
|
> Basic auth is insecure When used over HTTPS it is about as secure as any other web auth method. > Force users to reauthenticate after a certain period of time. With basic auth, there is no session. Authentication credentials are sent with each request. > Allow user to logout without closing their browser. There is no session. Only authenticated requests. It's not for everyone, but I find that stateless APIs are much easier to work with. |
|
|