
Session Tokens Explained - taylorhalliday
https://blog.meshstudio.io/the-whats-why-s-and-how-s-session-tokens-8e5e447089f4
======
bigiain
"Key Obscurity

When we’re storing these tokens in a browser, or header, there’s no point in
calling out what it’s there for. Don’t use keys that are obvious, such as
“SESSION_TOKEN”, opt for something that doesn’t imply to an attacker that this
is where they should be concentrating their efforts."

Closes tab, shakes head...

