How to implement proper identification and session managent on json post requests?
- by IBr
I have some minor messaging connection to server from website via json requests. I have single endpoint which distributes requests according to identification data. I am using asynchronous server and handle data when it comes.
Now I am thinking about extending requests with some kind of session.
What is the best way to define session?
Get cookie when registered and use token as long as session runs with each request?
Should I implement timeout for token? Is there alternative methods?
Can I cache tokens to same origin requests? What could I use on client side (Web browser)?
How about safety?
What techniques I should use to throw away requests with malformed data, to big data, without choking server down?
Should I worry?