1 comment

[ 3.0 ms ] story [ 14.7 ms ] thread
"Key Obscurity

When we’re storing these tokens in a browser, or header, there’s no point in calling out what it’s there for. Don’t use keys that are obvious, such as “SESSION_TOKEN”, opt for something that doesn’t imply to an attacker that this is where they should be concentrating their efforts."

Closes tab, shakes head...