What is the purpose of cookie encryption in LinkAce? #616
Closed
chrissawyerfan4 started this conversation in Code Discussion
It's actually just the default for the framework and there's no reason to change it. It is probably needed when actual session data is stored in cookies, but that is not the case for LinkAce. Filesystem or Redis are used for user sessions.
https://github.com/Kovah/LinkAce/blob/main/app/Http/Kernel.php#L33
When removing this line, I see that a random session and anti-CSRF token are set, which are opaque to the user anyhow. What is the purpose of adding authenticated encryption on top? Is there functionality where secret or authenticated data is set as a cookie that I have not yet uncovered?
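The distinction drawn in the reply (session data stored in the cookie versus an opaque ID backed by a filesystem or Redis store), as an added example that is not part of the discussion and is not LinkAce or Laravel code. It assumes PHP 8 with the openssl extension; `sealCookie`, `openCookie`, the AES-256-GCM layout and the in-memory `$store` are hypothetical and do not reproduce Laravel's cookie format.

```php
<?php
declare(strict_types=1);
// Added illustration, not LinkAce or Laravel code. Names and values are constructed.

// Client-side storage: the cookie carries the session state, so it is sealed with AEAD.
function sealCookie(array $state, string $key): string
{
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt(json_encode($state), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);   // layout: 12-byte IV, 16-byte tag, ciphertext
}

// Returns the state, or null when the cookie is malformed or fails authentication.
function openCookie(string $cookie, string $key): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null;
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : json_decode($pt, true);
}

$key = random_bytes(32);
$state = ['user_id' => 7, 'is_admin' => false];

// 1. State in a bare cookie: whatever the client sends back is what the server reads.
$edited = base64_encode(json_encode(['is_admin' => true] + $state));
var_dump(json_decode(base64_decode($edited), true));

// 2. State in a sealed cookie: the unchanged value opens, a single flipped bit
//    fails the GCM tag check and is rejected.
$sealed = sealCookie($state, $key);
var_dump(openCookie($sealed, $key));
$raw = base64_decode($sealed);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(openCookie(base64_encode($raw), $key));

// 3. Server-side storage: the cookie is only a random lookup key, so a changed
//    value simply misses the store and there is no state in it to read or alter.
$store = [];                                   // stands in for the filesystem or Redis store
$sid = bin2hex(random_bytes(20));
$store[$sid] = $state;
$other = bin2hex(random_bytes(20));            // any other value the client might send
var_dump($store[$sid] ?? null, $store[$other] ?? null);
```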