Skip to content
loading...

re: Please Stop Using Local Storage VIEW POST

TOP OF THREAD FULL DISCUSSION
re: cookies are inherently stateful because they require session data to be present on the server Not exactly true. Many cookies use signatures or en...

Cool, I didn't know that! How does credential revocation work in that context? Or do you just maintain a really short validity window?

Well, it doesn't necessarily work. One way is to keep short validity, another is to tie it to e.g. the last update of the relevant user's password, or similar - you wouldn't have to check the contents of the package, just that it's been signed after the password has last changed.

There are lots of little options you could use, but it's not always necessary.

I think lietu has just described JWT in a cookie ...

code of conduct - report abuse