|
|
|
|
|
|
by matwood
3079 days ago
|
|
|
This can work, but you want to keep what you send with every request very small. It's also hard to do a mass expiration or revoke a single session. If you have the tokens on the server you can run a query and easily do both. Checking signatures and decrypting on every request can also be a performance issue. |
|
|