-
Notifications
You must be signed in to change notification settings - Fork 971
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Session without cookies #567
Comments
I have a PR open for something like this (#170). Unfortunately, as it stands now the answer to your question is no. Even with that PR it wouldn't support your use case. One other note: Using predictable session id's is an insecure practice and should be avoided. So try not to use user id's like you described, but generate uuid's that are only used for auth and session tracking. If you have to build your own solution, you can use how this package generates session id's as a resource. Other Other note: Instead of passing the session id in the body, it is more common to pass it in a header. If it is also used for authentication, as is common, you can use the |
Many thanks for that answer and your notes. I hoped there is a trick to use it this library without cookies. If anyone knows an alternative, please let me know. |
You could implement a middleware before your session one that will find your client id in the body and then assign it to |
This would be really useful for chatbots. |
@sueess Is the solution given by @dotconnor solved your problem or is this still occurring ? |
I developed my own session handling. I did not test the solution of @dotconnor, but it sounds feasible. |
Is there any way to use this source or parts of it to create session without cookies? Or does anyone know a better fitting project?
I have a REST-api which is called by various services. The user-id, which I use as a session id, is in the payload of this requests. The incoming format of the JSON payload, and also the position of the user id, is different depending on the client, which sends the request.
I wanna use this user/session id to create a session, keep it alive and delete it after a certain time (clean up). The data could be kept in-memory or in a database.
Many thanks for an advice.
The text was updated successfully, but these errors were encountered: