Tags: security, facebook-graph-api, web-applications, access-token, facebook-access-token

Access token validation


In my application I want to implement Facebook Graph-like security. So access tokens are created on the server side and then sent to the client at the time of login. After that, when the client makes a request, the access token is appended to the request header.

But on the server side, how can I validate that the request is from a valid user?

Scenario: I mean it can also happen that when the client sends a request, some middle party copies the whole request and then sends that request to the server, and the server will send the response. This is the scenario I want to deal with. Please provide some suggestions on how I can verify that a request is from a valid user.


Solution

  • Implement SSL/TLS to allow access to your application over HTTPS.

    This will prevent replay attacks being constructed by a Man-In-The-Middle or eavesdropper.
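As an added example (not code from the question or the answer above), the Python below shows the two server-side checks the question asks about: confirming that a bearer token was really issued by this server, and refusing a verbatim copy of an earlier request. The HMAC-SHA256 token format, the `X-Timestamp` and `X-Nonce` headers, the `ReplayGuard` class and `handle_request` are assumptions for illustration, not the Facebook Graph API's own format. Note the caveat: the nonce check only catches re-submission of an identical request; anyone who can read the token off the wire can still mint fresh requests with it, which is why the answer's advice to put the whole exchange behind TLS is the primary fix and this guard is a secondary one.

```python
"""Added example: HMAC-signed bearer tokens plus a nonce-based replay guard."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumption: in a real deployment the key is loaded from a secret store,
# not generated at import time (a restart would invalidate every token).
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 3600       # seconds a login token stays valid
REPLAY_WINDOW = 300    # seconds a request timestamp may drift from server time


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: Optional[int] = None) -> str:
    """Server side, at login: sign (subject, expiry) with HMAC-SHA256."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user_id, "exp": now + TOKEN_TTL},
                         separators=(",", ":")).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


def validate_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Server side, per request: the user id if the token is genuine and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time compare: a plain == would leak how many bytes matched.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)  # safe: only server-signed payloads reach here
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")


class ReplayGuard:
    """Remembers (token, nonce) pairs so a verbatim copy of a request is refused."""

    def __init__(self, window: int = REPLAY_WINDOW):
        self.window = window
        self._seen: Dict[Tuple[str, str], int] = {}

    def check(self, token: str, timestamp: int, nonce: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        # Expire old entries so the table is bounded by the window, not by uptime.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self.window}
        if abs(now - timestamp) > self.window:
            return False            # stale or badly clock-skewed request
        key = (token, nonce)
        if key in self._seen:
            return False            # identical request already served: replay
        self._seen[key] = timestamp
        return True


def handle_request(headers: Dict[str, str], guard: ReplayGuard,
                   now: Optional[int] = None) -> Tuple[Optional[str], str]:
    """Check the three headers the client is assumed to send; return (user, reason)."""
    now = int(time.time()) if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None, "missing bearer token"
    token = auth[len("Bearer "):]
    user = validate_token(token, now)
    if user is None:
        return None, "invalid or expired token"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None, "bad timestamp"
    nonce = headers.get("X-Nonce", "")
    if not nonce or not guard.check(token, ts, nonce, now):
        return None, "replayed or stale request"
    return user, "ok"


if __name__ == "__main__":
    # Constructed demo: a legitimate request, then the same bytes sent again.
    guard = ReplayGuard()
    tok = issue_token("alice")
    req = {"Authorization": "Bearer " + tok,
           "X-Timestamp": str(int(time.time())), "X-Nonce": secrets.token_hex(16)}
    print(handle_request(req, guard))   # ('alice', 'ok')
    print(handle_request(req, guard))   # (None, 'replayed or stale request')
```

The client generates a fresh random `X-Nonce` per request; the server keys its memory on (token, nonce) so one user's nonce cannot block another's. In a multi-process or multi-host deployment the `_seen` table would have to live in shared storage such as a cache with TTL, otherwise a replay routed to a different worker slips through.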