You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default setting put session in client cookie, is it safe? As I know cookie work in client and session just put an sessionId in client take session value in server side . koa-session without store put session value in cookie even if it is encoded but I think all from client is not worthy of trust.
The text was updated successfully, but these errors were encountered:
With the default setting, cookies are all signed, which means user can not change(or fake) session from client side, we'll check the sign in the server side.
The default setting put session in client cookie, is it safe? As I know cookie work in client and session just put an sessionId in client take session value in server side . koa-session without store put session value in cookie even if it is encoded but I think all from client is not worthy of trust.
The text was updated successfully, but these errors were encountered: