July 2017
Beginner to intermediate
358 pages
10h 54m
English
JWT, probably the most common session token you will find used with APIs, encodes into a URL-safe format. Storing or passing the token in a URL, however, is not recommended; it should always be stored in either a cookie or a POST variable. The reason is that session tokens passed in a URL can leak into your server logs. If an attacker gains access to your log files then, depending upon how you manage the duration of the token, they may also be able to obtain full access to execute commands for your users.
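To check whether this leak has already happened, the following added example (not code from the book) audits access-log lines for JWTs in query strings and reports whether each one is still within its lifetime. The log layout, the parameter names `token` and `jwt`, and the sample tokens are constructed assumptions; the `exp` claim is read without verifying the signature, which is enough for triage.

```python
import base64
import json
import re
import time

# "eyJ" is how base64url of a JSON object ('{"...') begins, so it marks a JWT header.
JWT_IN_QUERY = re.compile(
    r"[?&]([^=&\s]+)=(eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*)")

def _decode_segment(segment):
    """Decode one unpadded base64url JWT segment into a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def find_leaked_tokens(log_lines, now=None):
    """Report each JWT found in a logged query string and whether it is still live."""
    now = time.time() if now is None else now
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        for match in JWT_IN_QUERY.finditer(line):
            try:
                claims = _decode_segment(match.group(2).split(".")[1])
            except ValueError:
                continue  # JWT-shaped string whose payload is not valid JSON
            if not isinstance(claims, dict):
                continue
            exp = claims.get("exp")
            # Missing or malformed exp: the token never expires on its own.
            live = not isinstance(exp, (int, float)) or exp > now
            # The token itself is left out of the report so it is not copied again.
            findings.append({"line": lineno, "param": match.group(1),
                             "sub": claims.get("sub"), "exp": exp, "still_valid": live})
    return findings

def _sample_token(claims):
    """Build a constructed sample token; the signature segment is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.ZHVtbXk"

NOW = 1_500_000_000  # fixed "current time" so the sample is reproducible
EXPIRED = _sample_token({"sub": "alice", "exp": NOW - 3600})
LIVE = _sample_token({"sub": "bob", "exp": NOW + 86400})
SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    f'203.0.113.7 - - "GET /orders?token={EXPIRED} HTTP/1.1" 200',
    f'203.0.113.9 - - "GET /orders?page=2&jwt={LIVE} HTTP/1.1" 200',
    '203.0.113.9 - - "POST /orders HTTP/1.1" 201',  # token in cookie or body: nothing logged
]

if __name__ == "__main__":
    for finding in find_leaked_tokens(SAMPLE_LOG, now=NOW):
        print(finding)
```

Any finding with `still_valid` set to true is a token that should be revoked, since anyone who can read the log can replay it until it expires.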