flavors / django-graphql-jwt

JSON Web Token (JWT) authentication for Graphene Django

Home Page: https://django-graphql-jwt.domake.io

Add fingerprint to token and cookies to prevent sidejacking

AstRonin opened this issue

Hi all,

JWT has a security issue with sidejacking.

https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html#token-sidejacking

OWASP suggests adding a fingerprint to cookies to prevent the use of a stolen token.

Do we have any ideas on how we can implement this suggestion?
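
A sketch of the OWASP fingerprint pattern the issue links to, added here as an example; it is not part of the original post and not django-graphql-jwt's API. It assumes a standard-library HS256 token as a stand-in for the library's encoder, and the claim name `fgp` and cookie name `__Secure-Fgp` are chosen for the example.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, secrets

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> str:
    return _b64(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(key: bytes, claims: dict) -> tuple[str, str]:
    """Return (jwt, fingerprint). The raw fingerprint goes only in the cookie."""
    fingerprint = secrets.token_hex(32)
    # Only the SHA-256 of the fingerprint is stored in the token, so reading
    # the token (e.g. from script-accessible storage) does not reveal the cookie.
    body = dict(claims, fgp=hashlib.sha256(fingerprint.encode()).hexdigest())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(body).encode())
    return signing_input + "." + _sign(key, signing_input), fingerprint

def fingerprint_cookie(fingerprint: str) -> str:
    # Hardened Set-Cookie value: hidden from scripts, HTTPS only, same-site only.
    return f"__Secure-Fgp={fingerprint}; Path=/; Secure; HttpOnly; SameSite=Strict"

def verify_token(key: bytes, token: str, cookie_fingerprint: str | None) -> dict | None:
    """Return the claims, or None if the signature or fingerprint check fails."""
    try:
        header, payload, signature = token.split(".")
        expected_sig = _sign(key, header + "." + payload)
        if not hmac.compare_digest(signature.encode(), expected_sig.encode()):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if not cookie_fingerprint:
        return None  # token presented without its companion cookie
    expected = hashlib.sha256(cookie_fingerprint.encode()).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(claims.get("fgp", "")).encode()):
        return None  # cookie does not match the hash bound into the token
    return claims
```

A token replayed without the matching cookie is rejected even though its signature is valid, which is the property the OWASP cheat sheet relies on.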