
No CSRF token, instead session tokens?

Çağlar Arlı


Will a randomly generated session key be enough, so that I can end the usage of a CSRF token? The front end will receive the token when logged in. It will be stored in «local storage» on the client's device and checked for every request to the backend. It will last for a given time, and when you log off, you end the session.

All sessions will be saved in a database by the backend. The backend will search for these keys using data from the requests. It will return data to the front end if the key is valid.

Will this be safe? Or are there any weak points in this architecture?
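The backend check the question describes, written out as an added example that is not part of the post (Python; an in-memory dict stands in for the session database, and the 15-minute lifetime and the `Authorization: Bearer` header name are assumptions). It shows the one property that lets this design do without a CSRF token: the key is accepted only from a header the front end adds explicitly, never from a cookie the browser would attach on its own.

```python
import hashlib
import secrets
import time

# Assumed values: lifetime of a session and the header the front end sends.
SESSION_TTL_SECONDS = 15 * 60
AUTH_HEADER = "Authorization"

# Constructed stand-in for the backend's session table.
# Keyed by a hash of the token, so a leaked copy of the table does not
# hand out live session keys.
sessions = {}  # sha256(token) -> {"user": str, "expires": float}


def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()


def login(user, now=None):
    """Issue a session key after a successful login (password check assumed done)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
    sessions[_key(token)] = {"user": user, "expires": now + SESSION_TTL_SECONDS}
    return token  # the front end stores this and sends it with every request


def logout(token):
    """Logging off ends the session server-side, not just in the client."""
    sessions.pop(_key(token), None)


def authenticate(headers, now=None):
    """Check run for every request; returns the user or None.

    The key is read ONLY from the Authorization header. A cross-site form
    post, link or image tag cannot set that header, so a request forged by
    another origin arrives without it and is rejected. There is deliberately
    no fallback to a cookie: that fallback would reintroduce CSRF.
    """
    now = time.time() if now is None else now
    value = headers.get(AUTH_HEADER, "")
    if not value.startswith("Bearer "):
        return None
    record = sessions.get(_key(value[len("Bearer "):]))
    if record is None:
        return None
    if record["expires"] <= now:
        sessions.pop(_key(value[len("Bearer "):]), None)  # expired: drop it
        return None
    return record["user"]
```

What the code cannot show is the client-side trade-off: anything in local storage is readable by any script running on the page, so an XSS flaw in the front end would disclose the key, which is a risk a cookie marked HttpOnly does not carry.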