JWT Dual-Token Hardening Postmortem: From Stateless Refresh to Revocable Redis Sessions

A security hardening postmortem for a JWT access-token/refresh-token (AT/RT) architecture: treating the Redis reservation as completed and implementing RT rotation, replay detection, and revocable sessions.

2026-03-23 · 4 min · 784 words · YUCHENG MING

HTTPS Upgrade Triggered 403: A Deep Postmortem from Security Middleware to Container Isolation

A postmortem on a persistent 403 after the HTTPS migration, traced both to a missing CSRF allowlist update and to Podman rootless image namespace isolation.

2026-03-17 · 3 min · 517 words · YUCHENG MING