Suppose I hit a web service which needs to be authorised. For that, I log in the user and set the token in cookies so that the AJAX calls can read the token and hit the backend server for data.
But this would not be secure, as anyone can read the cookie and make backend server calls.
What is a good way to make these calls secure?
Expose your web service over HTTPS only, and mark your cookies as secure.
https://security.stackexchange.com/questions/100/how-can-i-check-that-my-cookies-are-only-sent-over-encrypted-https-and-not-http
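
One way to check both points of the answer above, as an added example that is not part of the original answer: a JavaScript function that takes a response URL and its Set-Cookie header values and reports a non-HTTPS URL and any cookie lacking the Secure attribute. The function names, the example.test URLs and the cookie values are constructed for illustration.

```javascript
// Added example: audit a response for the two points in the answer
// (HTTPS only, cookies marked Secure). All sample values are constructed.

// Split one Set-Cookie header value into its cookie name and attribute names.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  // The first segment is always name=value, even if the name is "secure".
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq);
  // Attribute names are case-insensitive, so normalise to lower case.
  const attrs = new Set(
    parts.map((p) => p.split('=')[0].trim().toLowerCase())
  );
  return { name, attrs };
}

// Return a list of findings for a response URL and its Set-Cookie headers.
function auditCookies(url, setCookieHeaders) {
  const findings = [];
  if (new URL(url).protocol !== 'https:') {
    findings.push('not-https');
  }
  for (const header of setCookieHeaders) {
    const { name, attrs } = parseSetCookie(header);
    if (!attrs.has('secure')) {
      findings.push('missing-secure:' + name);
    }
  }
  return findings;
}

// Constructed sample: plain HTTP endpoint, no cookie carries Secure.
const weak = auditCookies('http://api.example.test/login', [
  'token=abc123; Path=/',
  'secure=1; Path=/', // a cookie *named* secure; the attribute is still absent
]);

// Constructed sample: HTTPS endpoint, attribute present in upper case.
const fixed = auditCookies('https://api.example.test/login', [
  'token=abc123; Path=/; SECURE',
]);

console.log(weak);
console.log(fixed);
```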