
You have one code path that authenticates web users through forms and sets cookies.

You have another code path that authenticates API callers.

You have code scattered through your whole application that makes authorization checks based on which user you're authenticated on.

Inconsistencies between the first two code paths often break that code.
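
An added illustration of the inconsistency described in the comment above (not part of the original comment): two authentication paths that disagree about a disabled account, next to a version where both paths go through one resolver. All names and data (`USERS`, `resolve_principal`, the session and key values) are constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample data: "alice" is disabled but still holds a session and an API key.
USERS = {
    "alice": {"id": 1, "role": "admin", "disabled": True},
    "bob": {"id": 2, "role": "admin", "disabled": False},
}
SESSIONS = {"sess-123": "alice"}                   # session cookie value -> username
API_KEYS = {"key-abc": "alice", "key-bob": "bob"}  # API key -> username

# --- Inconsistent: each path builds its own idea of "the current user" ---
def web_user(cookie):
    user = USERS.get(SESSIONS.get(cookie))
    if user is None or user["disabled"]:   # cookie path enforces the disabled flag
        return None
    return user

def api_user(key):
    return USERS.get(API_KEYS.get(key))    # API path never looks at the flag

def can_delete_inconsistent(user):
    # Stands in for the authorization checks scattered through the application.
    return user is not None and user["role"] == "admin"

# --- Consistent: both paths funnel into one resolver and one return type ---
@dataclass(frozen=True)
class Principal:
    user_id: int
    role: str
    via: str   # "cookie" or "api_key", kept for audit logging

def resolve_principal(username, via):
    user = USERS.get(username)
    if user is None or user["disabled"]:   # account-state rules live in one place
        return None
    return Principal(user["id"], user["role"], via)

def web_principal(cookie):
    return resolve_principal(SESSIONS.get(cookie), "cookie")

def api_principal(key):
    return resolve_principal(API_KEYS.get(key), "api_key")

def can_delete(principal):
    return principal is not None and principal.role == "admin"
```

With the shared resolver, the same authorization check gives the same answer for the same account regardless of which path authenticated the request.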

