I'm just curious about this:
Within the linked scenario of the best practice remember me cookie validation (http://jaspan.com/improved_persistent_login_cookie_best_practice), you have to check for the correct triplet of uid, series id and token in the database. I would put it in the verification callback. Then if you validated the cookie this way, you have to replace the token field with a new one, leaving the other two intact (or delete the whole document/row and add a new one with the same credentials, except for the token, which has to be a fresh one). This part should go to the issue callback as I see it.
Now my question is if there is a standard way to share those credentials among the callbacks, especially the series id, which has to be used for the db lookup to insert the new token if I'm getting it right (the user id is probably presented in the request after verification).
Moreover, for the sake of performance, is there an advisement for doing only a single database round trip, changing the token field at once instead of clearing it first, aka consuming the token during verification, and setting the new one next during the issue part of the process?
In other words I'm a bit confused about what to do when, and how to access the cookie information or part of it in the issue callback.
Please enlighten me if I'm not understanding the practice or the intent of the strategy correctly, or maybe if we have a better way to do the whole thing now in 2015. Also I'm happy to answer any question in case I wasn't able to make myself clear!
And thank you of course for the great module (passport.js) and also for this strategy!
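The rotation described in the post above, as an added example that is not part of the original issue and not code from passport.js or this strategy: it checks the (uid, series, token) triplet and replaces the token in one step, so the series id never has to be handed from one callback to another. The `RememberMeStore` class, its method names, and the in-memory map standing in for the database are assumptions; storing only a hash of the token is a choice of this example, and the mismatch handling follows the linked article.

```javascript
const crypto = require('node:crypto');

// Hash tokens before storing/comparing: fixed length for timingSafeEqual,
// and a leaked table does not reveal usable cookies (choice of this example).
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();
const randomId = () => crypto.randomBytes(32).toString('hex');

class RememberMeStore {
  constructor() {
    this.rows = new Map(); // uid -> Map(series -> tokenHash); constructed stand-in for a table
  }

  // Login with "remember me" checked: fresh series and fresh token.
  issue(uid) {
    const series = randomId();
    const token = randomId();
    if (!this.rows.has(uid)) this.rows.set(uid, new Map());
    this.rows.get(uid).set(series, sha256(token));
    return { uid, series, token };
  }

  // Verify and rotate together. With SQL this is one conditional statement:
  //   UPDATE remember SET token_hash = :new
  //   WHERE uid = :uid AND series = :series AND token_hash = :old
  // One affected row means success; a second query is needed only on the
  // failure path, to tell an unknown series from a stale token.
  rotate({ uid, series, token }) {
    const userRows = this.rows.get(uid);
    const stored = userRows && userRows.get(series);
    if (!stored) return { ok: false, reason: 'unknown-series' };

    if (!crypto.timingSafeEqual(sha256(token), stored)) {
      // Known series with a token that was already consumed: the linked
      // article treats this as theft and drops all of the user's
      // remembered sessions.
      this.rows.delete(uid);
      return { ok: false, reason: 'token-mismatch' };
    }

    const next = randomId();
    userRows.set(series, sha256(next)); // uid and series stay intact
    return { ok: true, cookie: { uid, series, token: next } };
  }
}
```

The cookie returned by `rotate` is what gets sent back to the browser; a caller that receives `token-mismatch` should also end the current session and require a full login.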