You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the interface stores its state in localStorage. This works very will in most cases, with the notable exception of Paw, which does not persist this data within its OAuth2 plugin. This causes loads of unnecessary authorizations to be created by developers, not to mention the annoyance of having to log in again. We should investigate setting cookies from the client side.
OWASP generally prefers storing this kind of data (session credentials) in httpOnly cookies set by the server. This distinction is not of particular use in our case, though, as these credentials necessarily convey access to reading authorization secret over the API. It may be good to adopt server-set cookies, but this will have to be part of a broader change to have any value.
The text was updated successfully, but these errors were encountered:
Currently, the interface stores its state in
localStorage. This works very will in most cases, with the notable exception of Paw, which does not persist this data within its OAuth2 plugin. This causes loads of unnecessary authorizations to be created by developers, not to mention the annoyance of having to log in again. We should investigate setting cookies from the client side.OWASP generally prefers storing this kind of data (session credentials) in
httpOnlycookies set by the server. This distinction is not of particular use in our case, though, as these credentials necessarily convey access to reading authorization secret over the API. It may be good to adopt server-set cookies, but this will have to be part of a broader change to have any value.The text was updated successfully, but these errors were encountered: