OAuth as a replacement for cookie authentication in web apps
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
src
test
.gitignore
.gitmodules
LICENSE
README.markdown

README.markdown

rhinautheros

Most web applications use cookies to authenticate the browser session after the user has logged in. Cookies suffer from security problems

Rhinautheros aims to implement 2-legged OAuth for authenticating XHR requests, thus closing the CSRF hole.

This project is a work in progress. It is not in a working state yet.

See the talk description, Cookies are bad for you and slides, presented at Open Source Bridge 2011.