Hi, I am building a one-page web application. Once the user exits the page, he could be considered logged out.
I was wondering if it was safe to verify if a user was logged in by comparing this.user.clientId with the value in the database when he logged in.
I am also using SSL. Are there any risks of another user stealing the session of another user or getting hacked in any way?
Hi, I was struggling with the same thing, and figured it out. You can check the gist here: https://gist.github.com/2266544 (it is specifically for passport, but you can figure it out and modify it for your needs).
Thanks for the fast answer. It really helped.