Because our sessions are token-based, we need to secure the authentication token. Several things need to be done for that:
- Do not pass the access token in the URL.
- Make access tokens expire.
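
Both measures in one server-side check, as an added example that is not part of the original page. The token format (an HMAC-signed payload with an `exp` claim), the names `issue_token` and `authenticate`, the 15-minute lifetime and the rejected query parameter names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlsplit, parse_qs

SECRET = b"constructed-demo-key"  # constructed value; load from a secret store in practice
TOKEN_TTL = 900                   # assumed lifetime in seconds (15 minutes)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload):
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user, now=None):
    """Create a signed token whose expiry is fixed at issue time."""
    now = time.time() if now is None else now
    payload = _b64(json.dumps({"sub": user, "exp": int(now) + TOKEN_TTL}).encode())
    return payload + "." + _sign(payload)

def authenticate(url, headers, now=None):
    """Return the user name for a valid request, else raise PermissionError."""
    now = time.time() if now is None else now
    # Measure 1: a token in the URL ends up in access logs, browser history
    # and Referer headers, so refuse the request even if the token is valid.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if any(key.lower() in ("access_token", "token") for key in query):
        raise PermissionError("token in URL rejected")
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise PermissionError("missing bearer token")
    payload, _, sig = token.partition(".")
    # Verify the signature before trusting anything inside the payload.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload))
    # Measure 2: the expiry is checked on every request, not only at login.
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims["sub"]
```
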