What is the impact outside of academia? Are there similar effects in the corporate sector?
As long as you protect against CSRF attacks (I do not know anything about passport.js), cookie authentication is okay provided the API is not going to be consumed by external sites.
What is the impact outside of academia? Are there similar effects in the corporate sector?
As long as you protect against CSRF attacks (I do not know anything about passport.js), cookie authentication is okay provided the API is not going to be consumed by external sites.