Suppose a user logs in to a Django site.
For subsequent requests, Django knows it's the same user. How does it know that?
Does the user (browser) send an ID of some sort? If so, what prevents a malicious user from trying a random ID to log in as the user?
I'm trying to convert this app to use Django.
The app gave a token (an ID of some sort) to a user ID, and the user attached it to an HTTP header for all subsequent requests.
Am I essentially doing the same thing if I convert the app to talk to Django?
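
An added example, not part of the original post and not Django's own code: a standard-library model of the scheme the question describes, where the server issues an unguessable key at login and resolves it on every later request. The names `SessionStore`, `guess_probability` and `key_entropy_bits` are hypothetical; the key alphabet, length and two-week lifetime are assumptions chosen to mirror Django's default session settings.

```python
import math
import secrets
import string
import time

# Assumption: same alphabet and length as Django's default session keys
# (32 characters drawn from a-z and 0-9).
KEY_CHARS = string.ascii_lowercase + string.digits
KEY_LENGTH = 32


class SessionStore:
    """Toy server-side store: random session key -> (user_id, expiry)."""

    def __init__(self, max_age=1209600):  # two weeks, in seconds
        self._sessions = {}
        self.max_age = max_age

    def login(self, user_id, now=None):
        """Issue a fresh unguessable key after the password check succeeded."""
        now = time.time() if now is None else now
        key = "".join(secrets.choice(KEY_CHARS) for _ in range(KEY_LENGTH))
        self._sessions[key] = (user_id, now + self.max_age)
        return key  # sent to the browser, e.g. in a Set-Cookie header

    def user_for(self, key, now=None):
        """Resolve the key sent with a request; None means anonymous."""
        now = time.time() if now is None else now
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires = entry
        if now >= expires:
            del self._sessions[key]  # expired keys stop working
            return None
        return user_id

    def logout(self, key):
        """Drop the key server-side so it can no longer be replayed."""
        self._sessions.pop(key, None)


def guess_probability(live_sessions, guesses):
    """Upper bound on hitting any live key with uniformly random guesses."""
    keyspace = len(KEY_CHARS) ** KEY_LENGTH
    return min(1.0, live_sessions * guesses / keyspace)


def key_entropy_bits():
    """Bits of entropy in one key: about 165 for 32 characters of a-z0-9."""
    return KEY_LENGTH * math.log2(len(KEY_CHARS))
```

The key is only as safe as its transport and storage: it identifies the user to anyone who holds it, so it belongs in an HTTPS-only, HttpOnly cookie (or equivalent protected header) and should be invalidated on logout.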