I have used both methods, generateSignedToken and generateToken, but I don't fully understand the difference between both (besides the string length)... Which one is better to generate a nonce token?

BTW, I read the API description for both methods but I find it confusing...


Solution

The generateSignedToken method uses the signToken method on a token generated by generateToken (as you can see in the source on GitHub). The documentation says about the signToken method (Documentation of play.libs.Crypto):

Sign a token. This produces a new token, that has this token signed with a nonce. This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Wikipedia on the BREACH vulnerability
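
The property the quoted documentation describes (a wire value that is different on every request while the underlying token stays the same) can be seen in a small stand-alone sketch. This is an added example, not Play's source code: the class and method names, the signature-nonce-token layout, the use of HMAC-SHA256 and the demo key are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat; // Java 17+

// Added illustration, not Play's source; every name below is hypothetical.
public class SignedTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();

    static String randomHex(int bytes) {
        byte[] b = new byte[bytes];
        RNG.nextBytes(b);
        return HexFormat.of().formatHex(b);
    }

    static String hmac(String msg, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return HexFormat.of().formatHex(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Wrap the raw token as signature-nonce-token, with a fresh nonce per call.
    static String sign(String raw, byte[] key) throws Exception {
        String joined = randomHex(8) + "-" + raw;
        return hmac(joined, key) + "-" + joined;
    }

    // Check the signature in constant time; return the raw token, or null.
    static String extract(String signed, byte[] key) throws Exception {
        String[] p = signed.split("-", 3);
        if (p.length != 3) return null;
        byte[] expected = hmac(p[1] + "-" + p[2], key).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, p[0].getBytes(StandardCharsets.UTF_8)) ? p[2] : null;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        String raw = randomHex(12);   // plain token: identical on every response
        String a = sign(raw, key), b = sign(raw, key);
        System.out.println("wire forms differ: " + !a.equals(b));
        System.out.println("both carry raw:    " + (raw.equals(extract(a, key)) && raw.equals(extract(b, key))));
        String tampered = (a.charAt(0) == '0' ? "1" : "0") + a.substring(1);
        System.out.println("tampered rejected: " + (extract(tampered, key) == null));
    }
}
```

Two signed forms of the same token must be compared by extracting and comparing the raw values, never by comparing the signed strings directly, since those differ on every call.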

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow