I've always wondered why many web frameworks have an elaborate "session management" feature. What would you store in such a session other than a CSRF token and user id?


(And, technically, you don't even need to store a CSRF token; that could just as easily be derived from the session id.)
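
One way to derive a CSRF token from the session id, as the post suggests, is a keyed HMAC over the id. This is an added example, not code from the post; `SERVER_KEY`, the `csrf-token:` label and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that only the server knows. It is generated here so the
# example runs stand-alone; a real deployment would load it from configuration.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Constructed sample session id: 256 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


def derive_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Compute the CSRF token from the session id; nothing is stored."""
    # The label separates this use of the key from any other HMAC use.
    # Keying the derivation means the token does not reveal the session id
    # and cannot be computed by anyone who lacks the server key.
    msg = b"csrf-token:" + session_id.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str,
                      key: bytes = SERVER_KEY) -> bool:
    """Recompute the token for this session and compare in constant time."""
    expected = derive_csrf_token(session_id, key).encode("ascii")
    # Compare bytes so arbitrary (non-ASCII) client input cannot raise.
    return hmac.compare_digest(expected, submitted.encode("utf-8", "replace"))


if __name__ == "__main__":
    sid = new_session_id()
    token = derive_csrf_token(sid)          # embedded in the form by the server
    print(verify_csrf_token(sid, token))    # same session: accepted
    rotated = new_session_id()              # e.g. session id rotated at login
    print(verify_csrf_token(rotated, token))  # old token no longer matches
```

Because the token is a pure function of the session id, rotating the session id also invalidates every token issued under the old one.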
