Zhongming Chen
Sep 28, 2018 · 1 min read
  1. OP doesn’t have to know whose session is it belong to, it simply returns either ‘error’ if not authenticated, or token(s) if authenticated.
  2. You are right it clean up the cookie
  3. OP domain
  4. No it doesn’t, that is the whole point of this spec to reduce network traffic.
Zhongming Chen

Written by

A happy dad and I write code