In the chapter "Cross Domain Sessions", the session API was designed as
POST /session - Login - Sets the session username and returns a csrf token for the user to use
DELETE /session - Logout - Destroys the session and regenerates a new csrf token if the user wants to re-login
GET /session - Checks Auth - Simply returns if auth is true or false, if true then also returns some session details
However, the express application declares
where :id is the session.id which has been passed in cookies
Actually, the browser should have one and only one session in this site. So, the :id in this API is not necessary.
IMHO, to prevent the conflict, it's better to declare SessionModel with the attribute { url: "/session" } rather than { urlRoot: "/session" }, so that the express application can declare
As the design document mentioned above.
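The singleton design discussed above, where the session is identified only by the cookie and never by a path segment, as an added example (not code from the tutorial or from this issue). The `sid` cookie name, the cookie attributes, the in-memory `Map` store and the `handleSession`/`rotate` helpers are assumptions, and no Express or Backbone API is used.

```javascript
// Added example, not from the tutorial or the issue: a singleton /session resource.
// Web Crypto is a global on current Node; older runtimes expose it via node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const newToken = () =>
  Buffer.from(webcrypto.getRandomValues(new Uint8Array(32))).toString('hex');

const sessions = new Map(); // session id -> { username, csrf }

// "sid" is an assumed cookie name; the id is only ever read from the Cookie header.
function sidFromCookie(header = '') {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(header);
  return m ? m[1] : null;
}

// Replace whatever session the cookie named with a new one (new id, new CSRF token).
function rotate(oldSid, username) {
  if (oldSid) sessions.delete(oldSid);
  const sid = newToken();
  const session = { username, csrf: newToken() };
  sessions.set(sid, session);
  return { session, setCookie: `sid=${sid}; Path=/; HttpOnly; Secure` };
}

// Routes one request and returns { status, body, setCookie? }.
function handleSession(method, path, cookieHeader, body = {}) {
  // Only the singleton path is routed, so /session/<id> never reaches a handler
  // and a session id never has to appear in a URL.
  if (path !== '/session') return { status: 404, body: {} };
  const sid = sidFromCookie(cookieHeader);
  const current = sid ? sessions.get(sid) : undefined;

  if (method === 'GET') {
    return current && current.username
      ? { status: 200, body: { auth: true, username: current.username } }
      : { status: 200, body: { auth: false } };
  }
  if (method === 'POST') {
    // Credential verification is assumed to have succeeded before this point.
    if (typeof body.username !== 'string' || body.username === '') {
      return { status: 400, body: {} };
    }
    const { session, setCookie } = rotate(sid, body.username);
    return { status: 200, body: { auth: true, csrf: session.csrf }, setCookie };
  }
  if (method === 'DELETE') {
    const { session, setCookie } = rotate(sid, null);
    return { status: 200, body: { auth: false, csrf: session.csrf }, setCookie };
  }
  return { status: 405, body: {} };
}
```

Because the id comes only from the cookie, a request to `/session/<id>` returns 404 and leaves the session untouched, and both login and logout issue a new id together with a new CSRF token.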