Session Authentication
Last updated
Last updated
We're going to implement session authentication from scratch.
If you're familiar with this, you can skip.
*If you steal cookie from client (csrf or xss), hacker only use that cookie for "GET" action. because of the csrf token.