简体   繁体   中英

Django - Storing a users API session token securely

I have an application which issues a simple request with basic auth which returns a session token. I then want to use that token for subsequent calls to that same application interface.

My question is, is it OK to store this token in the session/cookie of the logged in user, or should I approach this a different way? I want to ensure 100% user security at all times.

A session cookie is not a bad solution. You could also mark the cookie as "secure" to make sure that it only can be sent over https. It is far better than using ie localstorage.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM