by kardianos
968 days ago
Trying again to be more constructive, rather than having a nonce, make the nonce meaningful, so there is a time component, such as seconds from initiating the session, and a validation portion that shows this came from the session function and attests the time portion is valid. Then nonce storage, if you do it, can be limited to the window when it is valid.
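One way to realise the scheme described in the comment above, as an added example that is not part of the original comment: the nonce carries seconds since session start plus an HMAC tag, so replay storage only needs entries that are still inside the validity window. The class name, the 30-second window, the byte layout and the use of HMAC-SHA256 with a per-session key are all assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

WINDOW = 30  # seconds a nonce stays valid (assumed value)


class SessionNonces:
    """Nonce layout (assumed): 4-byte elapsed seconds || 8 random bytes || 32-byte HMAC tag."""

    def __init__(self, key, clock=time.time):
        self.key, self.clock = key, clock
        self.started = clock()   # session start; the time component counts from here
        self.seen = {}           # accepted nonce body -> elapsed second at which it expires

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def _elapsed(self):
        return int(self.clock() - self.started)

    def issue(self):
        body = struct.pack(">I", self._elapsed()) + os.urandom(8)
        return body + self._tag(body)

    def accept(self, nonce):
        if len(nonce) != 12 + 32:
            return False
        body, tag = nonce[:12], nonce[12:]
        # Validation portion: proves the session issued it and the time field is untouched.
        if not hmac.compare_digest(tag, self._tag(body)):
            return False
        now = self._elapsed()
        (issued,) = struct.unpack(">I", body[:4])
        if not 0 <= now - issued <= WINDOW:
            return False         # expired or future-dated: rejected without any stored state
        # Storage is bounded by the window: drop everything that has already expired.
        self.seen = {b: exp for b, exp in self.seen.items() if exp >= now}
        if body in self.seen:
            return False         # replay inside the window
        self.seen[body] = issued + WINDOW
        return True
```
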