Would it be an idea to include an API call `/app/user/whoami`?
In the context of multiple independent frontends, a frontend needs a way of testing if there is a pre-existing session when the page loads. The most natural way would be to make a call to the server and see if it is authenticated already. If the user is already authenticated, the cookie will automatically include the auth_token header. If the call returns with a permission denied error, the user should be directed to an authentication page.
I am currently using `/app/campaign/read` for this, but `/app/user/whoami` might be more elegant. It could be faster, less error-prone, and if it succeeds you could display something like "welcome back user lausd.001". The current GWT front-end manually saves the username in a separate cookie to do this, which is a security vulnerability.
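The session check proposed in this issue, sketched as an added example (not code from the issue or from the project): a handler for the suggested `/app/user/whoami` call that resolves the user only from the server-side session behind `auth_token`, plus the frontend's page-load decision. The response shape (`result`, `username`), the in-memory session store, the token value and the `/login.html` URL are assumptions made for illustration.

```javascript
// Constructed session store: auth_token value -> username (sample data).
const sessions = new Map([["tok-3f9a", "lausd.001"]]);

// Parse a Cookie request header into a name -> value map (first value wins).
function parseCookies(header) {
  const out = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (name && !out.has(name)) out.set(name, part.slice(eq + 1).trim());
  }
  return out;
}

// Hypothetical handler for the proposed /app/user/whoami call.
// Identity comes only from the session keyed by auth_token; a
// client-writable "username" cookie is never consulted.
function whoami(cookieHeader, store = sessions) {
  const token = parseCookies(cookieHeader).get("auth_token");
  const username = token === undefined ? undefined : store.get(token);
  if (username === undefined) {
    return { status: 401, body: { result: "failure" } };
  }
  return { status: 200, body: { result: "success", username } };
}

// Frontend page-load step: turn the whoami response into a UI decision.
function onPageLoad(response, loginUrl = "/login.html") {
  if (response.status === 200 && response.body.result === "success") {
    return { action: "greet", message: `welcome back user ${response.body.username}` };
  }
  return { action: "redirect", location: loginUrl };
}

// Constructed requests: valid session, forged username cookie, no session.
for (const cookie of [
  "auth_token=tok-3f9a",
  "username=admin; auth_token=tok-3f9a",
  "username=lausd.001",
]) {
  console.log(cookie, "->", JSON.stringify(onPageLoad(whoami(cookie))));
}
```

The greeting is built from what the server returns for the session, so the frontend needs no username cookie of its own.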