Ben Postlethwaite bpostlethwaite

## dash_username_auth.md

      
              1 file
            
          
              0 forks
            
          
              8 comments
            
          
              0 stars
            
          
                bpostlethwaite
                / dash_username_auth.md
            
            
              Last active
              July 13, 2018 16:57
                — forked from T4rk1n/dash_username_auth.md
            
          
    Additional auth cookies:


dash_user

signed with itsdangerous.
the username appears in clear text in the cookie as user.TOKEN


dash_user_data

json web signature with itsdangerous.
The json web signature is not entirely safe, do not add sensitive data.


The users cookies have no expiry, they are validated by the python package itsdangerous.