Y
Hacker News
new
|
ask
|
show
|
jobs
by
bloody-crow
967 days ago
I feel like nonce-tracking on the server side makes it a non-viable solution for a lot if not most of applications. A nonce needs to be stored/validated on every request, even a GET one. Seems like a recipe for DDoS.