by wglb
1867 days ago
> So all of reddit, every page, needs to reverify its auth token every request?

Yes.

> Like, what is the worst that is gonna happen in a five minute window between logout and the token expiring?

Complete compromise of your reddit account.

> But every read request for a normal user? You are telling me that those all need to re-verify every request?

For information that is not public, yes.

> JWT is pretty rad, honestly.

In the eyes of an attacker, absolutely.