How to implement proper identification and session managent on json post requests?

Posted by IBr on Programmers See other posts from Programmers or by IBr
Published on 2014-06-04T08:54:09Z Indexed on 2014/06/04 9:37 UTC
Read the original article Hit count: 195

Filed under:
|
|

I have some minor messaging connection to server from website via json requests. I have single endpoint which distributes requests according to identification data. I am using asynchronous server and handle data when it comes.

Now I am thinking about extending requests with some kind of session.

  1. What is the best way to define session? Get cookie when registered and use token as long as session runs with each request? Should I implement timeout for token? Is there alternative methods? Can I cache tokens to same origin requests? What could I use on client side (Web browser)?

  2. How about safety? What techniques I should use to throw away requests with malformed data, to big data, without choking server down? Should I worry?

© Programmers or respective owner

Related posts about web-applications

Related posts about JSON