core: stateful sessions and user preferences #29
Labels: area: backend (Backend changes); status: needs-design (Design diagram is required before moving forward); type: enhancement (New feature or request)
Description
Clutch currently uses stateless sessions for authn (JWT is signed and valid until expiry). This makes session invalidation impractical, so it is not implemented. In Lyft's network topology, this is not a security issue. To accommodate all environments, sessions should be stateful. This will also allow us to do delegated authn with other systems (e.g. GitHub, K8s), storing additional tokens for the user in the database.
The design for stateful sessions storage should also allow for storing user preferences on the same database record.
Complexity [S/M/L]: M
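One way the stateful design could work, as an added example in Go that is not Clutch's code: the signed token carries only a session ID and subject, the database record carries the revocation flag, delegated tokens and preferences, and a check that consults the store is what makes invalidation possible. The in-memory `Store`, the `Session` fields, the compact HMAC token format and the `VerifyStateless`/`VerifyStateful` names are assumptions for illustration, not the project's API.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// claims is the signed part of the token. Only the session ID and subject
// are embedded; everything that must be revocable lives in the store.
type claims struct {
	SID string `json:"sid"`
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

// Session is the per-user database record: the session itself, delegated
// tokens for other systems, and user preferences on the same record.
type Session struct {
	ID              string
	Subject         string
	ExpiresAt       time.Time
	Revoked         bool
	DelegatedTokens map[string]string // hypothetical keys, e.g. "github"
	Preferences     map[string]string
}

// Store is an in-memory stand-in for the database table (assumption).
type Store struct {
	mu       sync.Mutex
	sessions map[string]*Session
}

func NewStore() *Store { return &Store{sessions: map[string]*Session{}} }

func (s *Store) Create(sess *Session) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[sess.ID] = sess
}

func (s *Store) Get(id string) (*Session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	return sess, ok
}

// Revoke marks the record; the still-valid signed token becomes useless.
func (s *Store) Revoke(id string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if ok {
		sess.Revoked = true
	}
	return ok
}

func sign(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// IssueToken mints a compact HMAC-signed token bound to a session ID.
func IssueToken(key []byte, c claims) (string, error) {
	b, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(b)
	return payload + "." + sign(key, payload), nil
}

// VerifyStateless checks signature and expiry only: the current model, in
// which a token stays valid until it expires, whatever happened since.
func VerifyStateless(key []byte, token string, now time.Time) (claims, error) {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return claims{}, errors.New("malformed token")
	}
	if !hmac.Equal([]byte(sign(key, parts[0])), []byte(parts[1])) {
		return claims{}, errors.New("bad signature")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return claims{}, err
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return claims{}, err
	}
	if now.Unix() >= c.Exp {
		return claims{}, errors.New("expired")
	}
	return c, nil
}

// VerifyStateful runs the stateless check, then consults the store so a
// revoked or shortened session is rejected before its token expires.
func VerifyStateful(key []byte, token string, store *Store, now time.Time) (*Session, error) {
	c, err := VerifyStateless(key, token, now)
	if err != nil {
		return nil, err
	}
	sess, ok := store.Get(c.SID)
	if !ok {
		return nil, errors.New("unknown session")
	}
	if sess.Revoked || sess.Subject != c.Sub || !now.Before(sess.ExpiresAt) {
		return nil, errors.New("session not valid")
	}
	return sess, nil
}

func main() {
	key := []byte("demo-key")
	store := NewStore()
	now := time.Now()
	store.Create(&Session{ID: "s1", Subject: "alice", ExpiresAt: now.Add(time.Hour),
		Preferences: map[string]string{"theme": "dark"}})
	tok, _ := IssueToken(key, claims{SID: "s1", Sub: "alice", Exp: now.Add(time.Hour).Unix()})
	store.Revoke("s1")
	_, err1 := VerifyStateless(key, tok, now)
	_, err2 := VerifyStateful(key, tok, store, now)
	fmt.Println("stateless after revoke:", err1, "| stateful after revoke:", err2)
}
```

The stateless check deliberately has no way to learn about the revocation; only the store lookup does, which is the point of the issue. Delegated tokens for GitHub or Kubernetes would be written to `DelegatedTokens` on the same record and should be encrypted at rest and dropped when the session is revoked.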