core: stateful sessions and user preferences #29

Open
danielhochman opened this issue Jul 18, 2020 · 0 comments
Labels
area: backend (Backend changes); status: needs-design (Design diagram is required before moving forward); type: enhancement (New feature or request)

Comments

@danielhochman
Collaborator

Description

Clutch currently uses stateless sessions for authn (JWT is signed and valid until expiry). This makes session invalidation impractical, so it is not implemented. In Lyft's network topology, this is not a security issue. To accommodate all environments, sessions should be stateful. This will also allow us to do delegated authn with other systems (e.g. GitHub, K8s), storing additional tokens for the user in the database.

The design for stateful session storage should also allow for storing user preferences on the same database record.

Complexity [S/M/L]: M
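
The contrast described in the issue, as an added Go example that is not part of the original issue and is not Clutch's code: a signed token keeps verifying until expiry after its session is deleted, unless verification also consults a server-side record. The token format, the `Store` type and all function names are assumptions, and an in-memory map stands in for the database.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Issue builds a constructed token "<sessionID>.<expiryUnix>.<hex HMAC-SHA256>".
func Issue(key []byte, sid string, exp time.Time) string {
	p := sid + "." + strconv.FormatInt(exp.Unix(), 10)
	m := hmac.New(sha256.New, key)
	m.Write([]byte(p))
	return p + "." + fmt.Sprintf("%x", m.Sum(nil))
}

// VerifyStateless trusts signature and expiry only, so it cannot see a logout.
// It re-issues the token from the parsed fields and compares in constant time.
func VerifyStateless(key []byte, tok string, now time.Time) (string, error) {
	sid, rest, _ := strings.Cut(tok, ".")
	expStr, _, _ := strings.Cut(rest, ".")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || now.Unix() >= exp || !hmac.Equal([]byte(tok), []byte(Issue(key, sid, time.Unix(exp, 0)))) {
		return "", errors.New("invalid or expired token")
	}
	return sid, nil
}

// Store stands in for the session table: session ID -> record (user, prefs).
type Store map[string]map[string]string

// VerifyStateful adds the server-side lookup; deleting the record revokes the token.
func (s Store) VerifyStateful(key []byte, tok string, now time.Time) (map[string]string, error) {
	sid, err := VerifyStateless(key, tok, now)
	if err != nil {
		return nil, err
	}
	if rec, ok := s[sid]; ok {
		return rec, nil
	}
	return nil, errors.New("session revoked or unknown")
}

func main() {
	key, now, db := []byte("demo-key"), time.Now(), Store{} // constructed; record for "s1" already deleted
	fmt.Println(db.VerifyStateful(key, Issue(key, "s1", now.Add(time.Hour)), now))
}
```

The record returned by `VerifyStateful` is where preferences or delegated tokens would live, which is why the lookup that enables revocation and the preferences storage can share one row.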

@danielhochman added the type: enhancement, area: backend and status: needs-design labels on Jul 18, 2020