Rails API Session Security and CSRF
I am building an API with Rails (API-only). Security is very important to me. I have 2 questions.
1-) I am keeping the user’s id in session[:authID]; is it safe to use it like this?
2-) Do I need CSRF protection for API-only? I’m using Next.js for clien…