Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Question regarding safety #192

ghost opened this Issue · 2 comments

1 participant


Hi, I am building a one page web application. Once the user exists the page, he could be considered logged out.
I was wondering if it was safe to verify if a user was logged in by comparing this.user.clientId with the value in the database when he logged in.
I am also using SSL. Are there any risks of another user stealing the session of another user or getting hacked in any way?



Hi, I was struggling with the same thing, and figured it out. You can check the gist here : ( it is specifically for passport, but you can figure out and modify it for your needs )


Thanks for the fast answer. It really helped.

@ghost ghost closed this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.