I'm designing an API from scratch and I've got some newbie questions about user registration / login.
You can find the diagram of my session creation request -> 
Now, in case you are thinking of storing the JWTs on the server, let me tell you that you might be losing some 
Note that the same JWT obtained in step 2 is being sent to 2 different application servers, and they do not need to store the state of the "session" to validate the JWT, since the JWT contains all the information necessary. The only condition is that the 3 servers have the same secret key. That's it.
If you want to implement the above using server-side sessions, you would have to synchronize the application servers so that they have the same session state at all times, and this can be a bit of a complex task. This demonstrates one of the most powerful advantages of JWTs: high scalability.
Second, I'm wondering what's the best way to deal with a user that opens more than one session from the same agent. Should I close the last session and create a new one or, like on the diagram, get the last open session from the DB and create new tokens from that?
Basically, when using JWTs you don't have to worry about these things you mention. A user should be able to request as many JWTs as he wants, and this is not a problem as long as the expiration time of the JWTs is short. That's it. However, there are times when it is necessary to invalidate JWTs, for example when changing passwords.
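The stateless validation described in the answer above, as an added example that is not part of the original post: two application servers that share only a secret key each verify the same short-lived HS256 token without any session store. The names `issue`, `AppServer` and `demo`, the secret and the timestamps are hypothetical, constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(secret, subject, ttl, now):
    """Auth server: mint a short-lived HS256 token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64url(sign(secret, header + '.' + claims))}"

class AppServer:
    """Application server: holds the shared secret, keeps no session table."""
    def __init__(self, secret):
        self.secret = secret

    def verify(self, token, now):
        """Return the claims if the token is authentic and unexpired, else None."""
        try:
            header_b64, claims_b64, sig_b64 = token.split(".")
            expected = sign(self.secret, header_b64 + "." + claims_b64)
            # Constant-time comparison of the recomputed and presented MACs.
            if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
                return None
            header = json.loads(b64url_decode(header_b64))
            claims = json.loads(b64url_decode(claims_b64))
        except ValueError:  # wrong part count, bad base64, bad JSON
            return None
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
            return None
        return claims if now < claims["exp"] else None

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    token = issue(secret, "user-42", ttl=300, now=1_700_000_000)
    a, b = AppServer(secret), AppServer(secret)  # two independent servers
    return a.verify(token, 1_700_000_100), b.verify(token, 1_700_000_100), a.verify(token, 1_700_000_300)
```

The third result in `demo()` is `None` because the token has reached its `exp`; with a short lifetime, that expiry is the only thing bounding how long an issued token stays usable on every server.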
