Here's a very good comparison:
https://stackoverflow.com/a/35347022/171950
The important point in the linked answer is that the local storage approach is protected against CSRF but exposed to XSS.
See also:
https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.2