by sqrt17
5775 days ago
Well, nowadays you can encrypt and sign sessions and store the signed/encrypted data on your client side (or non-encrypted cookies if you want them to be modifiable from the client side). As long as it's more difficult to fake session data than to buy working credit card numbers, you're fine (at least once you've taken care of XSS attacks, which I take to be no less of a problem in a single-page site). Wow. Did I just point out that cookies have legitimate and valid uses? My self from 10 years ago would run after me with a shovel and yell that cookies are evil. (Incidentally, the opinion of my self from 10 years ago about JavaScript would be exactly the same.)
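The signed client-side session mentioned in the comment above, as an added example that is not part of the original comment: the server appends an HMAC-SHA256 tag to the serialized session and rejects any cookie whose tag does not verify or whose issue time is too old. This sketch signs but does not encrypt, so the client can read the payload; the key, `MAX_AGE` and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
MAX_AGE = 3600                        # assumption: sessions expire after one hour


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(body, key):
    return b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def dump_session(data, key=SECRET_KEY, now=None):
    """Serialize session data with an issue time and append an HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = b64(json.dumps({"iat": issued, "data": data}, sort_keys=True).encode())
    return body + "." + mac(body, key)


def load_session(cookie, key=SECRET_KEY, now=None):
    """Return the session dict, or None if forged, malformed or expired."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    # Verify the tag in constant time before parsing anything the client sent.
    if not hmac.compare_digest(mac(body, key).encode(), tag.encode()):
        return None
    try:
        payload = json.loads(unb64(body))
    except ValueError:
        return None
    current = time.time() if now is None else now
    if current - payload["iat"] > MAX_AGE:
        return None
    return payload["data"]
```
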