I've been a big fan of this library for a long time. It is a massively helpful tool in order to get authentication off of the ground quickly.
I often use it in the context of a SPA with a separately hosted Rails API only server. I was wondering what the best practices were around using "remember". Currently, I am doing the following flow:
1.) User logs in. A JWT Authorization header is returned, and then a "remember" HTTP-only cookie is set.
2.) If the user has that cookie, then I call a custom /me route that returns the current user.
I was surprised that there wasn't a route to get the current user (although it is a very simple route). Is this the best/most secure way to handle persistence, or should I be doing something else?
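The flow described in the post (login returns a short-lived bearer JWT plus an HttpOnly remember cookie; a `/me` endpoint rebuilds the session from whichever credential is still valid), written out as an added plain-Ruby example. This is not the poster's code and not Devise's implementation: Devise's rememberable cookie layout, the in-memory `USERS` store, the per-process `JWT_SECRET`, the two-week `REMEMBER_TTL`, and the exact `/me` response shape are all assumptions made here for illustration. The point it demonstrates is the one a reviewer would want checked: the remember token is only ever stored hashed, compared in constant time, expired server-side, and cleared on logout, so a database leak or a stale cookie does not give a login.

```ruby
require "openssl"
require "securerandom"
require "base64"
require "json"

# Added example, not Devise code. Assumptions: an in-memory user store instead
# of ActiveRecord, a per-process signing secret instead of Rails credentials,
# and a hand-rolled HS256 JWT so the file runs without extra gems.
JWT_SECRET   = SecureRandom.hex(32)  # assumed: real apps load this from credentials
REMEMBER_TTL = 14 * 24 * 3600        # assumed two-week remember window

# Constructed sample user; remember_digest is the SHA-256 of the cookie token,
# never the token itself, so a DB dump cannot be replayed as a cookie.
USERS = { 1 => { id: 1, email: "alice@example.com", remember_digest: nil, remember_expires_at: nil } }

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Constant-time string comparison (same shape as Rack/Devise's helper).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  diff = 0
  b.each_byte { |byte| diff |= byte ^ left.shift }
  diff.zero?
end

# Short-lived bearer token for the Authorization header (15 minutes by default).
def hs256_jwt(user_id, now: Time.now.to_i, ttl: 900)
  header  = b64url({ alg: "HS256", typ: "JWT" }.to_json)
  payload = b64url({ sub: user_id.to_s, iat: now, exp: now + ttl }.to_json)
  sig = OpenSSL::HMAC.digest("SHA256", JWT_SECRET, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# Verify signature before parsing claims; reject anything malformed or expired.
def user_id_from_jwt(token, now: Time.now.to_i)
  header, payload, sig = token.to_s.split(".")
  return nil unless header && payload && sig
  expected = b64url(OpenSSL::HMAC.digest("SHA256", JWT_SECRET, "#{header}.#{payload}"))
  return nil unless secure_equal?(expected, sig)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return nil if claims["exp"].to_i <= now
  claims["sub"].to_i
rescue JSON::ParserError, ArgumentError
  nil
end

# Long-lived remember cookie: random token, hashed at rest, HttpOnly + Secure
# so the SPA's JavaScript never sees it and it is not sent over plain HTTP.
def issue_remember_cookie(user, now: Time.now.to_i)
  raw = SecureRandom.urlsafe_base64(32)
  user[:remember_digest]    = OpenSSL::Digest::SHA256.hexdigest(raw)
  user[:remember_expires_at] = now + REMEMBER_TTL
  { value: "#{user[:id]}:#{raw}", httponly: true, secure: true,
    same_site: "Lax", expires: user[:remember_expires_at] }
end

def user_from_remember_cookie(value, now: Time.now.to_i)
  id, raw = value.to_s.split(":", 2)
  user = USERS[id.to_i]
  return nil unless user && raw && user[:remember_digest] && user[:remember_expires_at].to_i > now
  secure_equal?(user[:remember_digest], OpenSSL::Digest::SHA256.hexdigest(raw)) ? user : nil
end

def public_user(user)
  { id: user[:id], email: user[:email] }
end

# Step 1 of the post: login answers with both credentials.
def login(user_id, now: Time.now.to_i)
  user = USERS.fetch(user_id)
  { authorization: "Bearer #{hs256_jwt(user[:id], now: now)}",
    set_cookie: issue_remember_cookie(user, now: now) }
end

# Step 2 of the post: /me prefers a valid bearer token, otherwise falls back to
# the remember cookie and mints a fresh JWT so the SPA can go back to header auth.
def me(authorization: nil, remember_cookie: nil, now: Time.now.to_i)
  if authorization.to_s.start_with?("Bearer ")
    id = user_id_from_jwt(authorization.split(" ", 2).last, now: now)
    return { status: 200, user: public_user(USERS[id]) } if id && USERS[id]
  end
  user = user_from_remember_cookie(remember_cookie, now: now)
  return { status: 401 } unless user
  { status: 200, user: public_user(user), authorization: "Bearer #{hs256_jwt(user[:id], now: now)}" }
end

# Logout must invalidate the stored digest, or the cookie keeps working after logout.
def logout(user)
  user[:remember_digest] = nil
  user[:remember_expires_at] = nil
  true
end
```

The `now:` keyword on each function is there only so the expiry paths can be exercised deterministically; a real controller would read the clock. Rotating the remember token on every successful cookie login (reissuing the cookie inside `me`) is a reasonable extra step that this sketch leaves out for brevity.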