#1 2023-08-14 16:07:41

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 51

Doubts about rsoSessionInConnectionOpaque

When i ahould be use this in rest options?

Offline

#2 2023-08-14 18:38:31

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,134
Website

Re: Doubts about rsoSessionInConnectionOpaque

You should not use it in most cases.

It is for advanced use only, to speedup the session validation, which is done only once for each TCP connection.
But checking the signature and its session validation is fast enough in practice.

Never use it anyway outside of a safe encrypted channel, like TLS or mORMOT encrypted websockets, which avoid any MiM attacks.

Offline

#3 2023-08-16 03:54:50

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 51

Re: Doubts about rsoSessionInConnectionOpaque

Tnks. I will study Better the auth mechanism I want jwt with authuser and authsession control.

Offline

Board footer

Powered by FluxBB