Comments (1)
- If the browser and the server communicate with each other via the HTTPS protocol, we can assume the middleman cannot obtain the information in the request, such as cookies and tokens.
Of course, HTTPS is not enough. It would be best to prevent other situations leading to man-in-the-middle attacks, such as fake certificates. Please refer to https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/ and https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/ for more details.
- The server will instruct the browser to delete the cookies after logging out via the `Set-Cookie` header.
Even though cookies may still be valid, no one can retrieve deleted cookies. The browser is responsible for preventing cookie leaks.
- ABP commercial will introduce a Sessions Management feature to invalidate the cookies and tokens.
https://github.com/abpio/abp-commercial-docs/blob/dev/en/modules/identity/session-management.md
https://github.com/abpio/abp-commercial-docs/blob/dev/en/modules/account/session-management.md
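
The difference between deleting a cookie with `Set-Cookie` at logout and invalidating it on the server, as an added example that is not part of the comment above or of ABP's code. The cookie format, the `SESSIONS` store and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo
SESSIONS = {}                     # hypothetical server-side store: sid -> user

def _sign(value: str) -> str:
    return hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()

def login(user: str) -> str:
    """Issue a signed cookie value '<sid>.<user>.<mac>' and record the session."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    body = f"{sid}.{user}"
    return f"{body}.{_sign(body)}"

def logout_header(cookie: str, revoke: bool) -> str:
    """Build the Set-Cookie header that deletes the cookie in the browser.
    With revoke=True the server also forgets the session."""
    if revoke:
        SESSIONS.pop(cookie.split(".")[0], None)
    c = SimpleCookie()
    c["auth"] = ""
    c["auth"]["max-age"] = 0      # tells the browser to drop the cookie
    c["auth"]["path"] = "/"
    c["auth"]["secure"] = True
    c["auth"]["httponly"] = True
    return c.output(header="Set-Cookie:")

def authenticate(cookie: str, check_store: bool):
    """Return the user name, or None. Signature-only validation accepts any
    copy of the cookie; check_store also requires a live server-side session."""
    try:
        sid, user, mac = cookie.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(f"{sid}.{user}")):
        return None
    if check_store and SESSIONS.get(sid) != user:
        return None
    return user
```

A copy of the cookie saved before logout keeps passing the signature-only check after the browser deletes its own copy; only the store lookup rejects it once the session is revoked.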