Authentication Process 🛑🛑🛑 #52380
Unanswered
startthecode
asked this question in
General
Replies: 1 comment
-
I believe you are using Short-lived Access Tokens on the client side and a Long-lived Server Cookie on the server side. Ensure that the cookie has the HttpOnly, Secure, and possibly the SameSite attributes set to enhance security. You can store the refresh tokens in your DB and revalidate/invalidate them accordingly before expiry.
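The reply's advice (cookie attributes plus refresh tokens kept in the DB and revalidated/invalidated), as an added example that is not part of the original thread. It goes one step beyond the reply by rotating the token on every use and revoking the whole sign-in on replay. The in-memory `Map` standing in for the DB table, the cookie name `refresh` and the path `/auth/refresh` are assumptions.

```javascript
// Added example (not from the thread): refresh-token store with rotation, Node core only.
const crypto = require("node:crypto");

const REFRESH_TTL_MS = 15 * 24 * 60 * 60 * 1000; // 15 days, as in the question
const store = new Map(); // assumption: stands in for the DB table, tokenHash -> record

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Issue a refresh token. Only its hash is persisted, so a leaked table
// does not hand out usable tokens.
function issueRefreshToken(userId, familyId = crypto.randomUUID(), now = Date.now()) {
  const token = crypto.randomBytes(32).toString("base64url");
  store.set(sha256(token), { userId, familyId, expiresAt: now + REFRESH_TTL_MS, used: false, revoked: false });
  return token;
}

// Set-Cookie value with the attributes named in the reply.
// Cookie name and Path are hypothetical.
function refreshCookie(token) {
  return `refresh=${token}; Max-Age=${REFRESH_TTL_MS / 1000}; Path=/auth/refresh; HttpOnly; Secure; SameSite=Strict`;
}

// Invalidate every token descended from one sign-in.
function revokeFamily(familyId) {
  for (const rec of store.values()) if (rec.familyId === familyId) rec.revoked = true;
}

// Revalidate the presented token against the store, then rotate it.
// Replay of an already-used token revokes the family, since a copy may be stolen.
function rotate(presented, now = Date.now()) {
  const rec = store.get(sha256(presented));
  if (!rec || rec.revoked || now >= rec.expiresAt) return { ok: false, reason: "invalid" };
  if (rec.used) {
    revokeFamily(rec.familyId);
    return { ok: false, reason: "reuse" };
  }
  rec.used = true;
  const next = issueRefreshToken(rec.userId, rec.familyId, now);
  return { ok: true, userId: rec.userId, token: next, setCookie: refreshCookie(next) };
}
```

On `ok: true` the server would mint the new one-hour access token for `userId` and send `setCookie`; on any failure the user signs in again.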
-
Hello! I am currently developing a web application using Node.js and React. However, I am facing some issues and have doubts regarding the authentication process.
After a successful sign-up/sign-in, I am sending a token to the user which will expire in an hour. Additionally, I am storing a server cookie with a timestamp of 15 days on the client-side using the following code:
req.session.testing = "this is test";
I am also storing the received token, which expires in an hour, on the client-side cookie with a timestamp of 1 hour. If the user continues to use the app after the token and the client-side cookie both expire, I am using the server-side cookie, which has a timestamp of 15 days, to regenerate a new token without requiring the user to sign in/sign up again.
I would like to know if this approach is good and if this process is secure.