|
|
|
|
|
|
by pointytrees
2583 days ago
|
|
|
I'm familiar with that process. I was trying to illustrate a picture of how a poor developer might stumble their way into this situation. It's technically possible to store the userid in the cookie rather than using JWTs, but obviously it's not secure in the slightest. |
|
|