I am creating an iOS app that uses a WordPress website as a back office. I use the json_api plugin, but I have some doubts about security. With the plugin I create the cookie with
/api/auth/generate_auth_cookie/
Then I save the response into an object, and on the next request I put the cookie as a header:
[manager.requestSerializer setValue:_user.cookie forHTTPHeaderField:@"cookie"];
Then in function.php I check if the user is connected in this way:
$cookie = $_SERVER['HTTP_COOKIE'];
global $json_api;
if ($cookie) {
    $user_id = wp_validate_auth_cookie($cookie, 'logged_in');
}
Now my question is: is this the correct way for security?