Why do we pass the JWT token to the client given that it is saved in the express-session? Maybe we could pass the sessionid to the client instead, and then do a comparison on that, and if it matches then proceed to use the token that's stored in express?
Ok, I see the point now: some requests are proxied through sapper and some go straight to the API (i.e. in the articles). I think either it should be one way or the other to be more clear?
Passing to the client: (user contains the token) https://github.com/sveltejs/realworld/blob/master/src/routes/auth/register.js#L8
When we actually consume the token from the /auth folder we retrieve it from the express session, not the client:
https://github.com/sveltejs/realworld/blob/master/src/routes/auth/save.js#L6
Maybe I'm missing something.