Client-side session revalidation
Answered
Pacific herring posted this in #help-forum
Original message was deleted.
Answered by B33fb0n3
One solution would be to use JWT as auth method. That will sign a json object, that is saved on the client. The client can't modify it, but you can access it everywhere (serverside & clientside). Because it's handled clientside, you don't need to request your server nor your data source. You can just ask the client what the saved values are π
9 Replies
Original message was deleted
One solution would be to use JWT as auth method. That will sign a json object, that is saved on the client. The client can't modify it, but you can access it everywhere (serverside & clientside). Because it's handled clientside, you don't need to request your server nor your data source. You can just ask the client what the saved values are π
Answer
You could store the user id in the cookies and add a expiration date to it upon logging in.
And when the user goes to a page, check if the cookie is valid/not expired. if it IS expires, reroute the user to a login page or something (use your imagination)
Sun bear
I think storing user id in a cookie without any encryption is not really safe and easy to manipulate, isnt it?
@B33fb0n3 One solution would be to use JWT as auth method. That will sign a json object, that is saved on the client. The client **can't** modify it, but you can access it everywhere (serverside & clientside). Because it's handled clientside, you don't need to request your server nor your data source. You can just ask the client what the saved values are π
Thats true, which is where the JWT comes in. Just JWT sign the cookie upon login and add it to the client
No worries! good luck.
Original message was deleted
Sure thing. Please mark solution
@Pacific herring for archival purposes please avoid deleting the original question unless strictly necessary, such as when the question contains secrets (that you should have never posted in the first place)