Hi, I’m creating a server which accepts an HTTP-only session cookie; it contains the user’s email. Is it okay for me to rely on that?
For example, a user requests to delete a post. My server only checks whether the post’s author email is equal to the session’s email.
Should I always verify the session in the DB?
If yes, isn’t it time-consuming?
Any insight would be appreciated.