auth

Paddy 2014-08-16 Parent:9a1e62c24903 Child:9fe684b33b3d

16:13568ac73ac3

auth/session.go

Note the potential for CSRF attacks. Our auth provider probably shouldn't have security vulnerabilities. Add TODOs to ensure that logging in and authorizing a grant are not susceptible to CSRF attacks, or it becomes pretty easy for an attacker to gain access to user data or to gain access to a user account.

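package auth

import "net/http"

// validateSession is a stub: it currently returns nil for every request,
// so it does not yet reject requests that lack a valid session.
func validateSession(r *http.Request, c Context) error {
	// TODO: return an error if the user does not have a valid session
	return nil
}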
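
One way to do the CSRF check that the commit message asks for on the grant-authorization form, as an added example that is not code from this repository. The helper names, the `csrf_token` field, the `/authorize` path and the key are assumptions; for the login form, `sessionID` would be a pre-login session identifier.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// ErrCSRF is returned when a state-changing request lacks a valid token.
var ErrCSRF = errors.New("csrf: missing or invalid token")

// csrfToken binds a token to one session: hex(HMAC-SHA256(key, sessionID)).
func csrfToken(key []byte, sessionID string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(sessionID))
	return hex.EncodeToString(mac.Sum(nil))
}

// checkCSRF lets safe methods through and requires a matching token otherwise.
func checkCSRF(r *http.Request, key []byte, sessionID string) error {
	if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
		return nil
	}
	// hmac.Equal compares in constant time; an absent field fails the check.
	if !hmac.Equal([]byte(r.PostFormValue("csrf_token")), []byte(csrfToken(key, sessionID))) {
		return ErrCSRF
	}
	return nil
}

// grantRequest builds a constructed POST to a hypothetical /authorize endpoint.
func grantRequest(token string) *http.Request {
	form := url.Values{"approve": {"yes"}, "csrf_token": {token}}
	r := httptest.NewRequest(http.MethodPost, "/authorize", strings.NewReader(form.Encode()))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

func main() {
	key := []byte("constructed-demo-key") // sample value; use a random server-side secret
	fmt.Println(checkCSRF(grantRequest(""), key, "session-A"))                          // cross-site form: no token
	fmt.Println(checkCSRF(grantRequest(csrfToken(key, "session-A")), key, "session-A")) // form rendered by the provider
}
```

The server embeds `csrfToken(key, sessionID)` as a hidden field when it renders the form, and a page on another origin cannot read or compute that value.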