in reply to Dancer2 per-window sessions?

It's like a session id within a session id :)

a nonce appended to links/forms to prevent replay attacks and session riding... CSRF ... https://www.owasp.org/index.php/Session_Management#Page_and_Form_Tokens , Cryptographic nonce, Plack::Middleware::CSRFBlock, Dancer2::Plugin::CSRF, Mojolicious::Plugin::DeCSRF, ...

/foo/newnew .... issues a new nonce for the stack

All the links are nonced /foo/nonce/view/id or some such

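
The per-window scheme described in the reply above, as an added example that is not part of the original post: a plain hash stands in for the framework session, and `handle`, `new_nonce`, the 8-window cap and the status codes are assumptions made for illustration. It uses only core Perl and reads randomness from `/dev/urandom`.

```perl
use strict;
use warnings;

my $MAX_WINDOWS = 8;    # assumed cap so one session cannot grow without bound

# 128-bit random nonce from the OS CSPRNG, hex-encoded for use in a URL path.
sub new_nonce {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Dispatch the two URL shapes from the post against one session hash.
# Returns (status, body). %$session stands in for the framework session.
sub handle {
    my ($session, $path) = @_;
    my $win = $session->{windows} //= {};

    if ($path eq '/foo/newnew') {            # open a new per-window stack
        return (429, 'too many windows') if scalar(keys %$win) >= $MAX_WINDOWS;
        my $nonce = new_nonce();
        $win->{$nonce} = { opened => time, viewed => [] };
        return (302, "/foo/$nonce/view/1");  # every later link carries the nonce
    }
    if ($path =~ m{\A/foo/([0-9a-f]{32})/view/(\d+)\z}) {
        my ($nonce, $id) = ($1, $2);
        my $state = $win->{$nonce}           # unknown nonce: reject, never create
            or return (403, 'unknown window nonce');
        push @{ $state->{viewed} }, $id;     # state is private to this window
        return (200, "window $nonce viewed: @{ $state->{viewed} }");
    }
    return (404, 'not found');
}

# Constructed walk-through: two windows in one session, then a forged nonce.
my %session;
my (undef, $loc1) = handle(\%session, '/foo/newnew');
my (undef, $loc2) = handle(\%session, '/foo/newnew');
(my $view7 = $loc1) =~ s{/view/1\z}{/view/7};
print join(' ', handle(\%session, $_)), "\n"
    for $view7, $loc2, '/foo/' . ('0' x 32) . '/view/1';
```

Because the nonce travels in the URL it ends up in access logs and Referer headers, so it works as a window selector inside an already authenticated session rather than as a credential in its own right.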