# cfml-general
j
Good morning, I was wondering what is considered best practice for securing a user session? I am developing in Coldbox currently and looking at their documentation but there appear to be multiple takes on how to secure the session.
d
You want to password-protect your ColdBox website? Or secure your ColdBox REST API with token authentication?
j
Website.
d
Here are some coldbox modules that do it with social media and user/orm https://forgebox.io/?search=Login
j
Okay, I'll check it out
d
Can you use social media login?
j
No plans on doing so at this time
d
So you need to manage your own custom database of users?
j
Yes. That will be next on my agenda
d
Then this module is the one you'll need to check out https://forgebox.io/view/nsg-module-security
j
Okay, I'll gander
d
Now next level protection is something like https://foundeo.com/security/
This is a solution on top of your login and entire application.
j
Yeah, I was looking into Redis but I was told it might be too much overhead.
d
only you know. May I ask what kind of website you're creating?
j
It's a site for users to log in and review sales entries they have put in for.
I am getting more details as I go but that's the start
d
For salesmen? Or for customers?
j
Sales people
d
have you considered a CMS?
j
Nope, customer isn't interested
d
Those have security and user management integration already
All you'd need to do is add a module for your sales entry. Login and user management is done for you.
best practices built in
ContentBox is a ColdBox module you can add right now. You should try it