<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Nov 19, 2015 at 7:00 AM,  <span dir="ltr"><<a href="mailto:dancer-users-request@dancer.pm" target="_blank">dancer-users-request@dancer.pm</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
This blog of mine might be helpful in understanding how it all works:<br>
<br>
<a href="http://blog.geekuni.com/2015/06/three-ways-to-implement-sessions.html" rel="noreferrer" target="_blank">http://blog.geekuni.com/2015/06/three-ways-to-implement-sessions.html</a><br>
</blockquote></div><br></div><div class="gmail_extra">We should also be talking about JWT JSON Web Tokens because the Cookie scheme is broken.<br>I use Crypt::JWT . These links explain it nicely:<br><br><a href="https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/">https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/</a><br><a href="http://jwt.io/">http://jwt.io/</a><br>JWS <a href="https://tools.ietf.org/html/rfc7515">https://tools.ietf.org/html/rfc7515</a><br>JWT <a href="https://tools.ietf.org/html/rfc7519">https://tools.ietf.org/html/rfc7519</a><br></div><div class="gmail_extra"><a href="http://stackoverflow.com/questions/20504846/why-is-it-common-to-put-csrf-prevention-tokens-in-cookies">http://stackoverflow.com/questions/20504846/why-is-it-common-to-put-csrf-prevention-tokens-in-cookies</a><br>Cheers -- Rick<br><br></div></div>