Very interesting #authentication #method using pure #http without #cookies or #javascript! https://saucecode.bar/posts/06-using-www.. Even #deadsocial uses a single #cookie! I will need to check it out, but this is potentially extremely cool!
Yeah... #deadsocial is 100% vulnerable to #csrf https://simonwillison.net/2021/Aug/3/sam.. I have a better solution for this problem though, where every requested page whilst logged in also sends a #random #token per #form that needs to be sent back with the #user #session #cookie. The reason for not using #http #headers is that not *every* browser supports them.
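
The per-form token scheme described in the second post, as an added example (not code from either poster or from deadsocial): the server mints a random token for each form it renders, stores it against the session, and accepts a POST only when the session cookie and the form's hidden token match. The class and function names, the `csrf_token` field name and the `session` cookie name are assumptions made for illustration.

```python
import hmac
import html
import secrets


class FormTokenStore:
    """Server-side store of per-session, per-form, single-use tokens."""

    def __init__(self):
        self._tokens = {}  # session_id -> {form_name: token}

    def issue(self, session_id, form_name):
        """Mint a fresh random token each time a form is rendered."""
        token = secrets.token_urlsafe(32)
        self._tokens.setdefault(session_id, {})[form_name] = token
        return token

    def verify(self, session_id, form_name, submitted):
        """Accept only the token issued to this session for this form, once."""
        forms = self._tokens.get(session_id, {})
        expected = forms.get(form_name)
        if expected is None or not isinstance(submitted, str):
            return False
        # Constant-time comparison so timing does not leak token prefixes.
        if not hmac.compare_digest(expected.encode(), submitted.encode()):
            return False
        del forms[form_name]  # single use: a replayed token is rejected
        return True


def render_form(store, session_id, form_name, action):
    """Embed the token as a hidden field: no JavaScript or custom header."""
    token = store.issue(session_id, form_name)
    return (f'<form method="post" action="{html.escape(action, quote=True)}">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<button>Submit</button></form>')


def handle_post(store, cookies, form_name, fields):
    """Return an HTTP status: 200 only if cookie session and token match."""
    session_id = cookies.get("session")
    if not session_id:
        return 403
    if not store.verify(session_id, form_name, fields.get("csrf_token")):
        return 403  # cookie sent automatically, but no valid form token
    return 200
```

A cross-site request carries the session cookie automatically but cannot read the page that holds the hidden field, so it reaches `handle_post` without a valid token and gets 403.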