文章

CSRF

• CSRF Token necessary when using Stateless(= Sessionless) Authentication?
• Cookies vs Tokens. Getting auth right with Angular.JS

OAuth

• Where to Store Your JWTs - Cookies vs HTML5 Web Storage

Cookies & Session

• Cookies are bad for you: Improving web application security
• HTTP Session 攻擊與防護
• HttpOnly - HTTP Headers 的資安議題

IP

• 如何正確的取得使用者 IP？