SPA best practices for authentication and session management
This question has been addressed, in a slightly different form, at length, here: RESTful Authentication. But this addresses it from the server-side. Let’s look at this from the client-side. Before we do that, though, there’s an important prelude:

Javascript Crypto is Hopeless

Matasano’s article on this is famous, but the lessons contained therein are pretty …