Question

I have used both methods, generateSignedToken and generateToken, but I don't fully understand the difference between them (besides the string length)... Which one is better for generating a nonce token?

BTW, I read the API description for both methods, but I find it confusing...

Solution

The generateSignedToken method uses the signToken method on a token generated by generateToken (as you can see in the source on GitHub). The documentation says about the signToken method (Documentation of play.libs.Crypto):

Sign a token. This produces a new token, that has this token signed with a nonce. This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Wikipedia on the BREACH vulnerability
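
The idea in the quoted documentation, as an added example that is not part of the original answer and is not Play's own code: a fixed raw token is wrapped with a fresh nonce and an HMAC, so its representation changes on every signing while the underlying value still compares equal. The class name, demo key, wire format (`signature-nonce-rawToken`) and helper names are assumptions made for this sketch.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Optional;

public class SignedTokenDemo {
    // Constructed demo key (assumption); a real application uses its own secret.
    private static final byte[] KEY =
        "demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8);
    private static final SecureRandom RNG = new SecureRandom();

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String hmac(String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return hex(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Hypothetical signing step: fresh nonce per call, signature covers nonce and raw token.
    static String signToken(String raw) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        String joined = hex(nonce) + "-" + raw;
        return hmac(joined) + "-" + joined;
    }

    // Returns the raw token only if the signature verifies (constant-time comparison).
    static Optional<String> extract(String signed) throws Exception {
        String[] p = signed.split("-", 3);
        if (p.length != 3) return Optional.empty();
        boolean ok = MessageDigest.isEqual(
            p[0].getBytes(StandardCharsets.UTF_8),
            hmac(p[1] + "-" + p[2]).getBytes(StandardCharsets.UTF_8));
        return ok ? Optional.of(p[2]) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        String raw = "3f9c1a7e5b2d"; // constructed stand-in for a generateToken() value
        String a = signToken(raw), b = signToken(raw);
        System.out.println("signed strings equal:   " + a.equals(b));
        System.out.println("raw tokens equal:       " + extract(a).equals(extract(b)));
        System.out.println("tampered token accepted: " + extract(a + "x").isPresent());
    }
}
```

Comparing two signed tokens therefore means verifying both signatures and comparing the extracted raw values, never comparing the signed strings directly.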

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow