by notpushkin
970 days ago
> You'd perhaps want to track a small window of nonces to account for this.

Just send a signed UTC timestamp instead of a nonce. Make it valid for like 5–15 seconds to ensure it doesn't break if clocks are out of sync slightly – it will still be better than cookies that live practically forever.
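
The signed-timestamp check described in the comment above, as an added example that is not part of the original post. It assumes a shared HMAC-SHA256 key and a `<unix seconds>.<hex MAC>` token format; those choices and the names `sign_timestamp`, `verify_timestamp` and `MAX_SKEW_SECONDS` are illustrative.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumption: the upper end of the 5-15 second window the comment suggests.
MAX_SKEW_SECONDS = 15


def _mac(key: bytes, ts_text: str) -> bytes:
    """Hex HMAC-SHA256 over the ASCII timestamp, as bytes for comparison."""
    return hmac.new(key, ts_text.encode("ascii"), hashlib.sha256).hexdigest().encode()


def sign_timestamp(key: bytes, now: Optional[int] = None) -> str:
    """Client side: return '<unix UTC seconds>.<hex MAC>'."""
    ts_text = str(int(time.time()) if now is None else now)
    return f"{ts_text}.{_mac(key, ts_text).decode()}"


def verify_timestamp(key: bytes, token: str, now: Optional[int] = None,
                     max_skew: int = MAX_SKEW_SECONDS) -> bool:
    """Server side: accept only an authentic timestamp within +/- max_skew."""
    ts_text, sep, mac = token.partition(".")
    # Reject malformed input before doing any arithmetic on it.
    if not sep or not ts_text.isascii() or not ts_text.isdigit():
        return False
    # Authenticate first, in constant time, so only values we signed are parsed.
    if not hmac.compare_digest(_mac(key, ts_text), mac.encode("utf-8", "replace")):
        return False
    current = int(time.time()) if now is None else now
    # abs() rejects stale tokens and tokens dated too far in the future,
    # which is what tolerates slightly unsynchronised clocks in both directions.
    return abs(current - int(ts_text)) <= max_skew


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    token = sign_timestamp(demo_key)
    print(token, verify_timestamp(demo_key, token))
```

A token stays valid for any number of presentations inside the window; the window only bounds how long that holds.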