Am a computer science student and am very proud of the content you share
On Mon, 1 Jul 2024, 22:36 Joseph Aidoo, <josephaidoo0...@gmail.com> wrote: > Pls good afternoon sir pls can i have you WhatsApp line > > On Mon, 20 May 2024, 15:10 zvo...@seznam.cz, <zvol...@seznam.cz> wrote: > >> With traditional frontend (like realized with Django templates), the user >> will GET the login form and in this step Django sends csrf token. Later, in >> 2nd step, you send credential and the csrf token to the server. >> >> But in Django + Reactive frontend (Svelte in my case, but it is not >> important at all) solution, the Login form is created by Svelte. Them >> submission: not the real submission, but under the Submit button Svelte >> sends credentials to Django using FetchAPI. Maybe this submission is the >> 1st communication to Django server and so we haven't the csrf token yet (?!) >> >> So I have realized the Session Authentication without any regard to >> csrftoken cookie. My login view is wrapped by csrf_exempt. Svelte form >> sends credentials, Django makes login() and sends sessionid cookie back. It >> works. >> >> Now my question is: Is this solution safe enough? Or is it danger and I >> should first get the csrftoken cookie from server in some earlier request >> and add the header with csrftoken? >> >> It is pain to have such question. >> AI cannot answer it, instead it will write lot of text and code examples, >> without answering YES or NO, without understanding what I am asking. >> Find other sources is difficult (StackOverflow) is difficult too. On one >> side many people say Session Authentication is safe for browsers, JWT is >> not safe at all (because the token is saved in LocalStorage, not KeyChain). >> On other side, it looks like almost nobody uses Session Authentication and >> in problems many people say: Just go to JWT. >> That are reasons why it is difficult to realize the Session >> Authentication. But once realized, it is supereasy - no code, just the >> built-in cookie mechanism. >> >> So what do you mean? >> Or can you recommend some source which describes reactive frontend + >> sessionid & csrftoken cookies? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/e8d3658a-0e28-468d-a6f6-10e058217605n%40googlegroups.com >> <https://groups.google.com/d/msgid/django-users/e8d3658a-0e28-468d-a6f6-10e058217605n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFXDyhgyt_VErumxDzVsiUyQGRNfntvn3T1N3tfEnJb3gQ-Hew%40mail.gmail.com.
