Baoyuantop opened a new issue #6141: URL: https://github.com/apache/apisix/issues/6141
Just a proposal here, in the token object instead of total expiration seconds, can we use the expiration timestamp? So during the checking phase inside the `check_csrf_token` method, we could potentially check/prevent/[minimize the window] of replay attacks as an added benefit by figuring out if the generated cookie has long been expired or not. WDYT? Thank you.

cc @spacewander

_Originally posted by @bisakhmondal in https://github.com/apache/apisix/pull/5727#discussion_r785417944_
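A sketch of the idea proposed above, added here as an illustration and not the plugin's own Lua code: the token carries an absolute expiry timestamp covered by the MAC, and the check rejects it once that time has passed. The token layout, the field names `random` and `expires_at`, the key and the TTL are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

KEY = b"constructed-demo-key"  # constructed sample secret (assumption)
TTL = 7200                     # assumed token lifetime in seconds


def _mac(payload, key):
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()


def gen_csrf_token(key=KEY, ttl=TTL, now=None):
    """Issue a token whose absolute expiry timestamp is covered by the MAC."""
    now = int(time.time() if now is None else now)
    payload = json.dumps(
        {"random": secrets.token_hex(16), "expires_at": now + ttl},
        sort_keys=True,
    ).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload, key).decode()


def check_csrf_token(token, key=KEY, now=None):
    """Return (ok, reason). Expiry is judged against the signed timestamp,
    so a replayed old cookie fails even if the client kept it around."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except ValueError:
        return False, "malformed"
    # Constant-time comparison; verify the MAC before trusting any field.
    if not hmac.compare_digest(sig.encode(), _mac(payload, key)):
        return False, "bad signature"
    try:
        expires_at = json.loads(payload).get("expires_at")
    except (ValueError, AttributeError):
        return False, "malformed"
    if not isinstance(expires_at, int) or now >= expires_at:
        return False, "expired"
    return True, "ok"
```

Because the timestamp sits inside the signed payload, a client cannot extend a token's life by editing it; the replay window is bounded by the TTL chosen at issue time.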
