How to do stateless (session-less) & cookie-less authentication?

Ah, I love these questions – maintaining a session without a session. I’ve seen multiple ways to do this during my stints during application assessments. One of the popular ways is the playing tennis way that you mentioned – sending the username and password in every request to authenticate the user. This, in my opinion, …