How to implement proper identification and session management on JSON POST requests?
Posted by IBr on Programmers
Published on 2014-06-04T08:54:09Z
Indexed on 2014/06/04 9:37 UTC
I have a minor messaging connection to a server from a website via JSON requests. I have a single endpoint which distributes requests according to identification data. I am using an asynchronous server and handle data when it comes.
Now I am thinking about extending requests with some kind of session.
What is the best way to define a session? Get a cookie when registered and use a token with each request as long as the session runs? Should I implement a timeout for the token? Are there alternative methods? Can I cache tokens for same-origin requests? What could I use on the client side (web browser)?
How about safety? What techniques should I use to throw away requests with malformed data or data that is too big, without choking the server down? Should I worry?
© Programmers or respective owner