Security problems
leomp12 opened this issue · 0 comments
leomp12 commented
We're exposing `session` with access token, it's a public property on instance object and it's a problem
My suggestion is to set `session` object as a private member and pass it as argument to method functions, reference:
https://www.crockford.com/javascript/private.html
Also, we must edit `getAuth` method (and any other returning access token) to return only `my_id`, without token.
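The change proposed in this issue, sketched as an added example that is not the project's own code: the public-`session` shape beside a closure-private one whose `getAuth` returns only `my_id`. `ExposedClient`, `PrivateClient`, `login`, `request`, `authHeaders`, `leaksToken`, the header names and the sample values are assumptions made for illustration; only `session`, `getAuth` and `my_id` come from the issue.

```javascript
'use strict'

// "Before": session (with the token) is a public property on the instance.
function ExposedClient () {
  this.session = null
}
ExposedClient.prototype.login = function (myId, accessToken) {
  this.session = { my_id: myId, access_token: accessToken }
}
ExposedClient.prototype.getAuth = function () {
  return this.session // hands access_token to any caller
}

// "After": method functions receive the session as an argument.
function getAuth (session) {
  // Return only the identifier, never the token.
  return session ? { my_id: session.my_id } : null
}
function authHeaders (session) {
  // Hypothetical helper: the only place the token is read.
  if (!session) throw new Error('not authenticated')
  return { 'x-example-id': session.my_id, 'x-example-token': session.access_token }
}

// session lives in the constructor's closure (the private-member pattern from
// the linked Crockford page), so it is not a property of the instance.
function PrivateClient (send) {
  let session = null
  this.login = function (myId, accessToken) {
    session = { my_id: myId, access_token: accessToken }
  }
  this.getAuth = function () { return getAuth(session) }
  // The token leaves the closure only toward the injected transport function.
  this.request = function (path) { return send(path, authHeaders(session)) }
}

// Check: is the token visible through the instance or through getAuth()?
function leaksToken (client, token) {
  const visible = JSON.stringify(client) + JSON.stringify(client.getAuth())
  return visible.includes(token)
}

// Constructed sample values.
const demoExposed = new ExposedClient()
demoExposed.login('constructed-id-1', 'constructed-token-123')
const demoPrivate = new PrivateClient((path, headers) => ({ path, headers }))
demoPrivate.login('constructed-id-1', 'constructed-token-123')
console.log(leaksToken(demoExposed, 'constructed-token-123'),
  leaksToken(demoPrivate, 'constructed-token-123'))
```

Closure privacy keeps the token off the object graph (property enumeration, serialization, logging of the instance); code running in the same process that controls the transport function still sees it.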