undefined | Better HN

0 pointsszastamasta4y ago0 comments

I mean you cannot send stuff from client. If you’re using tokens for auth and don’t want to use session cookies, you end with ugly polyfils.

0 comments

coder5434y ago

> If you’re using tokens for auth and don’t want to use session cookies

That sounds like a self-inflicted problem. Even if you’re using tokens, why not store them in a session cookie marked with SameSite=strict, httpOnly, and secure? Seems like it would make everything simpler, unless you’re trying to build some kind of cross-site widget, I guess.

szastamastaOP4y ago

I need to work with more than 1 backend :)

coder5434y ago

This is such an opaque response, I don't know what else could be said. If you're sending the same token to multiple websites, something feels very wrong with that situation. If it's all the same website, you can have multiple backends "mounted" on different paths, and that won't cause any problems with a SameSite cookie.

1 more reply

j / k navigate · click thread line to collapse

0 comments

coder5434y ago

> If you’re using tokens for auth and don’t want to use session cookies

szastamastaOP4y ago

I need to work with more than 1 backend :)

coder5434y ago

1 more reply

j / k navigate · click thread line to collapse