Joined August 2015
Posted to
Goodbye PHP Sessions, Hello JSON Web Tokens
over 1 year ago
@rmcdaniel I know that... but don't you think it's better for jwt_helper.php to return a simple invalid message (when the token is invalid) instead of giving us a fatal error?
Posted to
Goodbye PHP Sessions, Hello JSON Web Tokens
over 1 year ago
A little problem...
Using this:
$token = JWT::decode($_POST['token'], 'secretserver_key');
echo $token->id;
If you change/forge the token (somebody can do it), jwt_helper.php will return a Fatal Error and expose your "secretserver_key" in the error message. Have you tried?
Now I need to agree with you: a try and catch on UnexpectedValueException solves the problem with elegance =D
Kudos!
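
The try and catch on UnexpectedValueException that the comment above settles on, as an added example that is not part of the original comments or of jwt_helper.php. `verify_hs256()` and `claims_or_null()` are hypothetical names, the first a stand-in for `JWT::decode()` that rejects tokens by throwing the same exception type, and the key and tokens are constructed sample values.

```php
<?php
declare(strict_types=1);
ini_set('display_errors', '0'); // never render errors or traces to the client

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Hypothetical stand-in for JWT::decode(): HS256 only, throws on any bad token.
function verify_hs256(string $jwt, string $key): stdClass {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('Wrong number of segments');
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode((string) base64_decode(strtr($h, '-_', '+/')));
    if (!is_object($header) || ($header->alg ?? null) !== 'HS256') {
        throw new UnexpectedValueException('Unsupported algorithm');
    }
    $expected = b64url(hash_hmac('sha256', "$h.$p", $key, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        throw new UnexpectedValueException('Signature verification failed');
    }
    $claims = json_decode((string) base64_decode(strtr($p, '-_', '+/')));
    if (!is_object($claims)) {
        throw new UnexpectedValueException('Invalid payload');
    }
    return $claims;
}

// Returns the claims, or null for any invalid token. Nothing is left uncaught,
// so no stack trace (which lists the key as a call argument) reaches the client.
function claims_or_null(string $jwt, string $key): ?stdClass {
    try {
        return verify_hs256($jwt, $key);
    } catch (UnexpectedValueException $e) {
        error_log('JWT rejected: ' . $e->getMessage()); // server-side log only
        return null;
    }
}

$key = 'constructed-demo-key'; // constructed sample value, not a real secret
$h = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p = b64url(json_encode(['id' => 42]));
$good = "$h.$p." . b64url(hash_hmac('sha256', "$h.$p", $key, true));
// Forged token: payload swapped, signature of the original token reused.
$forged = "$h." . b64url(json_encode(['id' => 1])) . '.' . explode('.', $good)[2];

foreach (['good' => $good, 'forged' => $forged, 'garbage' => 'abc'] as $name => $t) {
    $claims = claims_or_null($t, $key);
    echo $name, ': ', $claims ? "id={$claims->id}" : 'invalid token', PHP_EOL;
}
```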