by dmix
4318 days ago
Client-side token-based authentication is pretty well used and tested. It's even being standardized as JWT (JSON Web Token): http://self-issued.info/docs/draft-ietf-oauth-json-web-token...

Additionally, there are quite a few benefits to using Token auth over cookie-based auth as well, such as not having to worry about CSRF protection: https://auth0.com/blog/2014/01/07/angularjs-authentication-w...

I'd say cookies have a greater risk of being intercepted and hijacked than a token-based system. But every implementation has flaws even if the underlying concept has been vetted.

But if you're protecting sensitive information, it's always good to hire a security expert to test your systems.