Session-based CSRF Tokens – What value do I use with JWT?
The Double Submit Cookie CSRF Token pattern is a stateless technique that doesn’t require storage or a database. However, it’s vulnerable to session hijacking attacks and sub-/sibling domains that are susceptible to XSS or HTML injection. …
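An added example (not code from the original post) of the weakness described above: a plain double-submit check accepts any matching cookie/header pair, while a token carrying an HMAC over a per-session identifier is rejected unless the server issued it for that session. `SERVER_KEY`, `session_id` and the function names are assumptions made for illustration; which JWT value supplies the session identifier is left open, as in the post.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that is never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # Length prefix keeps (session_id, nonce) pairs unambiguous.
    msg = f"{len(session_id)}!{session_id}!{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token for both the CSRF cookie and the request header: '<hmac>.<nonce>'."""
    nonce = secrets.token_hex(16)
    return f"{_mac(session_id, nonce, key)}.{nonce}"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison on bytes (compare_digest rejects non-ASCII str).
    return hmac.compare_digest(a.encode(), b.encode())


def naive_check(cookie_token: str, header_token: str) -> bool:
    """Plain double submit: accepts any non-empty matching pair."""
    return bool(cookie_token) and _same(cookie_token, header_token)


def signed_check(session_id: str, cookie_token: str, header_token: str,
                 key: bytes = SERVER_KEY) -> bool:
    """Matching pair AND a valid HMAC over this session's identifier."""
    if not naive_check(cookie_token, header_token):
        return False
    mac, sep, nonce = cookie_token.partition(".")
    return bool(sep) and _same(mac, _mac(session_id, nonce, key))


if __name__ == "__main__":
    token = issue_token("sess-A")          # constructed session identifier
    planted = "value-set-from-sibling"     # constructed: cookie not issued by the server
    print("genuine, naive :", naive_check(token, token))
    print("genuine, signed:", signed_check("sess-A", token, token))
    print("planted, naive :", naive_check(planted, planted))
    print("planted, signed:", signed_check("sess-A", planted, planted))
    print("other session  :", signed_check("sess-B", token, token))
```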