You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current explainer says that when a session is being established, the JWT which contains the signed challenge is sent as the POST body data to the /path+"/startsession" endpoint. When the session is being refreshed however, despite there being a separate URL /path+"/refresh" used, the JWT signing the challenge is depicted as being sent in a header Sec-Session-Response.
It seems odd to have two different approaches for sending the JWT. Why not use either POST body, or a header, in both use cases?
The text was updated successfully, but these errors were encountered:
The current explainer says that when a session is being established, the JWT which contains the signed challenge is sent as the POST body data to the
/path+"/startsession"endpoint. When the session is being refreshed however, despite there being a separate URL/path+"/refresh"used, the JWT signing the challenge is depicted as being sent in a headerSec-Session-Response.It seems odd to have two different approaches for sending the JWT. Why not use either POST body, or a header, in both use cases?
The text was updated successfully, but these errors were encountered: