Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improved device id hash generation #530

Merged
merged 17 commits into from
Aug 29, 2024
Merged

Improved device id hash generation #530

merged 17 commits into from
Aug 29, 2024

Conversation

sinamics
Copy link
Owner

Generation and Storage

  • During sign-in, the system checks for an existing device ID in the user's cookies.
  • If no device ID is found, a new random 16-byte device ID is generated.
  • This device ID is stored as an HTTP-only cookie during the user's first sign-in or when no existing device ID is found.
  • The device ID is also stored in the database, associated with the user's account.

Verification in JWT Callback

  • The device ID is added to the JWT token during sign-in.
  • In subsequent requests, the JWT callback checks if the device ID in the token exists in the database.
  • If the device is found, its 'lastActive' timestamp is updated.
  • If the device is not found, the device ID is removed from the token and user is signed out.

Related #526

@github-actions github-actions bot added the ztnet Main Application label Aug 29, 2024
@sinamics sinamics merged commit f85ab6d into main Aug 29, 2024
5 checks passed
@sinamics sinamics deleted the deviceid branch August 29, 2024 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ztnet Main Application
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant