
Support for token based sessions

Open jvelo opened this issue 9 years ago • 1 comments

Right now user sessions are supported through encrypted/signed cookies. There is a cost associated with this strategy which is not negligible: the password has to be verified for each request, and we must keep a verification cost high enough so that hashes can't be brute-forced. Right now the cost is about 100ms per verification. With token-based sessions, this cost goes away and we can even increase the password verification time since it will happen only upon login.

jvelo avatar Mar 05 '15 15:03 jvelo

See http://jwt.io/

jvelo avatar Nov 18 '15 16:11 jvelo
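The trade-off described in this issue, as an added example that is not part of the original thread and is not Mayocat's code: the slow password hash runs once at login, and each later request is checked with a single HMAC over a compact token in the HS256 style documented at jwt.io. All names, the PBKDF2 stand-in for the password hash, the iteration count and the token lifetime are assumptions.

```python
import base64, hashlib, hmac, json, os, time

SERVER_KEY = os.urandom(32)   # assumption: per-deployment signing secret
KDF_ITERATIONS = 600_000      # assumption: deliberately slow, paid only at login
TOKEN_TTL = 3600              # assumption: token lifetime in seconds

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whichever password hash the application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)

def sign(signing_input: str) -> str:
    return b64url_encode(hmac.new(SERVER_KEY, signing_input.encode(), hashlib.sha256).digest())

def login(user, password, salt, stored_hash, now=None):
    """Expensive path: run the KDF once, then hand back a signed token."""
    if not hmac.compare_digest(hash_password(password, salt), stored_hash):
        return None
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user, "exp": now + TOKEN_TTL}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{sign(signing_input)}"

def authenticate(token, now=None):
    """Cheap path, run per request: one HMAC and an expiry check, no KDF."""
    try:
        header, payload, signature = token.split(".")
        if not hmac.compare_digest(sign(f"{header}.{payload}"), signature):
            return None
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None   # algorithm is pinned server-side, never taken from the token
        claims = json.loads(b64url_decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None       # malformed token: wrong part count, bad base64 or JSON
    now = int(time.time()) if now is None else now
    return claims["sub"] if claims.get("exp", 0) > now else None
```

A stolen token stays valid until `exp`, so the lifetime and any revocation list take over the role the per-request password check played.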