Cookie token authentication

Time:01-25

I have a MERN app, where I use passport to create/authenticate the user, and persist the auth state by storing the hashed JWT token in an HttpOnly Secure cookie. The only problem is that, if I log User A in on Chrome and copy the cookies to another browser like Edge, the token appears valid to the backend, and the user appears logged in in the Edge browser.

Since I'm trying to implement a CSRF token, the validation should fail, right? What are the best practices to implement this type of authentication?

CodePudding user response:

This behaviour is by default. To protect against CSRF, use the SameSite=Lax cookie attribute and/or anti-CSRF tokens.
