# orm-help
i
Hi. https://www.prisma.io/docs/1.2/reference/migration-guides/authentication-and-authorization-yaeco6ieth Using JWT, does this mean you are not saving any token of the client session on the server side at all?
l
These are just examples. If you need to keep track of the user session, a secure method is to have a server-side token stored on the db or Redis only, which can contain a set of claims the user can do. What is given to the client is another token which is enough to identify the user and can map to the server token. The advantage this has is that you can expire the server token at any time, such as the case for locking a user out or if client tokens are stolen.
In my simpler case I do not need a session and I have a short client token expiry (10 mins), which would need the client to use the refresh token to generate a new token. There are pros and cons to both ways, but it depends on your situation.
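
The server-side session approach described in the answer above, as an added example that is not part of the original thread or Prisma's own code. An in-memory `Map` stands in for the db/Redis store, and the function names, user ids and claim strings are assumptions made for illustration.

```javascript
// Added example: opaque client token mapped to a server-side session record.
const { randomBytes, createHash } = require("crypto");

// Stand-in for the db/Redis table (assumption: any key-value store works).
const sessions = new Map();

const hashToken = (token) => createHash("sha256").update(token).digest("hex");

// Create the server-side record and return only the opaque client token.
// The client token carries no claims; it only identifies the record.
function createSession(userId, claims, ttlMs, now = Date.now()) {
  const clientToken = randomBytes(32).toString("hex");
  // Store only the hash, so a leaked session table yields no usable tokens.
  sessions.set(hashToken(clientToken), { userId, claims, expiresAt: now + ttlMs });
  return clientToken;
}

// Map a client token to its server-side record; null if unknown or expired.
function resolveSession(clientToken, now = Date.now()) {
  if (typeof clientToken !== "string" || clientToken.length === 0) return null;
  const key = hashToken(clientToken);
  const record = sessions.get(key);
  if (!record) return null;
  if (now >= record.expiresAt) {
    sessions.delete(key); // lazily drop expired records
    return null;
  }
  return record;
}

// Authorize against the server-held claims, never against client-supplied data.
function isAllowed(clientToken, claim, now = Date.now()) {
  const record = resolveSession(clientToken, now);
  return record !== null && record.claims.includes(claim);
}

// Expire every session of a user at once (lock-out, or client tokens stolen).
function revokeUser(userId) {
  let removed = 0;
  for (const [key, record] of sessions) {
    if (record.userId === userId) {
      sessions.delete(key);
      removed++;
    }
  }
  return removed;
}
```

Because the claims live only in the server-side record, `revokeUser` takes effect on the next request, whereas a self-contained JWT stays valid until its expiry.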