Greg Price 318682fd52 auth: Use URL rather than cookie to pass signed data cross-domain. ...

The cookie mechanism only works when passing the login token to a
subdomain.  URLs work across domains, which is why they're the
standard transport for SSO on the web.  Switch to URLs.

Tweaked by tabbott to add a test for an expired token.

2017-10-27 14:42:04 -07:00

17 KiB

Raw Blame History

View Raw