-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Cookies instead of LocalStorage for JWT token store. #301
Comments
I wouldn't mind taking a look into this. |
reference: https://github.com/zeit/next.js/ |
So we are considering this use case for server side rendering which requires cookie to pass user session state:
It has yet to know:
|
The login process is still done in client, so the cookie is actually produced in client and then sent to server. This should be done by developers who are using skygear, since different SSR frameworks have different flags to distinguish server-side and client-side. Problem is that skygear does not allow passing in token as parameter from server due to its current auth implementation.
|
The cookie should be set by skygear-server.
We plan to make skygear set the cookie properly, all user request will have the skygear auth token in cookie. Including request to skygear-server or node-SSR server. In the way, it will solved @IniZio problem, right?
The framework should affect more than the runtime. Let me providing some info on how react works. One approach used by https://github.com/nfl/react-helmet . The developer will required to call For supporting SSR stream, we may refer how https://github.com/tizmagik/react-head do. But this is probably another approach and may require users to change how they currently use skygear within react component. We may want to take a look on vue and angular too. |
@rickmak @cheungpat @carmenlau I was told firebase use both cookies and localstorage a hybrid approach. Maybe worth checkout to see how it was done too. |
Skygear server should support rotating session. For example, if the skygear server is configured with Alternatively if the skygear server is configured with The default value of |
Reported by Clients, to make isomorphic JS app, it needs to be in Cookies. (Plus briefly search online, it seems Cookies is the recommend way?)
Either we make cookies default (if it make sense) or have an options to use Cookies?
The text was updated successfully, but these errors were encountered: