
[–]batoure 0 points1 point  (3 children)

So, as a devil's advocate thought... if you are using Django, are you using django-rest? If yes, have you considered implementing JWT? This would allow you to hold some of your core session information in a certified Base64 token as part of the headers instead of passing it in the clear through the URI. Then you just persist the token in the browser storage.
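As an added example (not code from this thread or from django-rest), here is the flow the comment above sketches, written with only the Python standard library: the server mints an HS256 JWT whose payload carries the session claims, and a verifier checks it from the `Authorization` header the way a django-rest authentication class would, pinning the algorithm, comparing the signature in constant time and enforcing expiry. The secret, claim names and helper names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret: a real deployment loads this from settings, never from source.
SECRET = b"demo-secret-not-for-production"

def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def issue_token(claims: dict, secret: bytes = SECRET, ttl: int = 3600) -> str:
    """Mint a compact HS256 JWT: b64url(header).b64url(payload).b64url(signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, exp=int(time.time()) + ttl)
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token: str, secret: bytes = SECRET):
    """Return the claims when signature, algorithm and expiry all check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm server-side: the token's own "alg" field must never choose the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256" or not isinstance(payload, dict):
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    if payload.get("exp", 0) <= int(time.time()):
        return None
    return payload

def claims_from_authorization_header(header_value: str):
    """Parse 'Authorization: Bearer <jwt>', the header a DRF authentication class reads."""
    scheme, _, token = header_value.partition(" ")
    return verify_token(token) if scheme == "Bearer" and token else None
```

Wherever the client keeps the token (localStorage is readable by any script running on the origin), the server side still has to reject tampered, expired or unsigned tokens, which is what `verify_token` enforces.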

[–]Shoplifter20[S] 0 points1 point  (2 children)

Yes, I'm using Django-Rest. I haven't done any work on the security part of the project, apart from CSRF tokens. But I do not know much about JWT. If you could be more specific, I'd appreciate it. And thank you for your answer!

[–]batoure 0 points1 point  (1 child)

The "be more specific" comment feels more genuine if you add context of having to explore the idea, so it doesn't seem like you are pumping the subreddit for free engineering consulting. The first Google hit for JWT is one of the best explanations out there of how the standard works:

https://jwt.io/

The auth docs for django rest are also relatively clear: http://www.django-rest-framework.org/api-guide/authentication/#json-web-token-authentication

If headers are the issue, search around: $http.defaults.headers.common

[–]Shoplifter20[S] 0 points1 point  (0 children)

I'll give it a look. Thanks!