Examples of multiple session cookies #317

Closed
atonyba opened this issue Feb 23, 2021 · 3 comments

atonyba commented Feb 23, 2021

Awesome project, nicely done!

For those that work with auth tokens, the 4k size limit on a cookie is a challenge. After storing a token and refresh token, there isn't sufficient room left over for storing much else. Given that the session options include a required parameter of cookieName, I assume that there is a way to channel session storage to different cookies.

I'm using an Express site, registering the middleware in the www.js. When I try to employ a second middleware registration with a different cookieName, Express doesn't seem to like this. In my routes file, creating another reference to next-iron-session to register a different cookie name doesn't seem to create a second cookie in the response.

Do you have any examples of how to use multiple cookies to overcome the 4k size limit? Is this even something that is supported?

Many thanks!

asciant commented Apr 19, 2021

@atonyba did you have any luck getting this working?

I have a use case for this too, and came here looking for information on whether it is supported/possible.

vvo (Owner) commented May 6, 2021

@atonyba There's no support currently for going over 4k. I'd say that your best option is not to store token + refresh token in the cookie itself but rather only use the cookie to identify the person (id) and then get the token via a regular API call (on your side, like /user) and cache this route in memory + expiration (if you're dealing with an SPA), or cache it via HTTP headers for like 10 minutes.

The advantage of this is that you can control on your side the data and invalidate it when you want.

PS: Not sure why you're storing tokens inside the cookie itself, is your token used for an external API afterward?

About allowing multiple instances of next-iron-session, that's a good idea but we would have to allow naming the req.session property (like req.session2..) or better: require people to call a method to get the session object instead of extending req.

@asciant can you tell us more about your use case?
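
The approach suggested in the comment above (keep only an id in the cookie, hold the tokens server-side with an expiration, invalidate on demand), as an added example that is not part of the thread and not next-iron-session code. `TokenStore`, `handleUser`, `payloadBytes` and the sample sessions are hypothetical names and constructed data; sealing and setting the cookie is left to the session library.

```javascript
// Added example, not next-iron-session code; every name below is hypothetical.
const COOKIE_LIMIT_BYTES = 4096; // the "4k" per-cookie budget from the thread

// Server-side store: tokens are keyed by user id and never put in the cookie.
class TokenStore {
  constructor(ttlMs, now = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now; // injectable clock so expiry can be exercised
    this.entries = new Map();
  }
  put(userId, tokens) {
    this.entries.set(userId, { tokens, expiresAt: this.now() + this.ttlMs });
  }
  get(userId) {
    const entry = this.entries.get(userId);
    if (!entry) return null;
    if (this.now() >= entry.expiresAt) {
      this.entries.delete(userId); // expired entries are dropped, not served
      return null;
    }
    return entry.tokens;
  }
  invalidate(userId) {
    return this.entries.delete(userId); // server-side revocation
  }
}

// Size of the session data before sealing; sealing only makes it larger.
function payloadBytes(payload) {
  return Buffer.byteLength(JSON.stringify(payload), "utf8");
}

// Logic behind a route like /user: the session carries only the id.
function handleUser(session, store) {
  if (!session || typeof session.id !== "string") return { status: 401 };
  const tokens = store.get(session.id);
  if (!tokens) return { status: 401 }; // expired or invalidated
  // Assumption of this sketch: the refresh token stays on the server.
  return { status: 200, body: { id: session.id, accessToken: tokens.accessToken } };
}

// Constructed sample data: placeholder strings standing in for real tokens.
const fatSession = {
  id: "user-123",
  accessToken: "a".repeat(2500),
  refreshToken: "r".repeat(1800),
};
const slimSession = { id: "user-123" };
```

With the constructed data, `fatSession` is already over the budget before sealing while `slimSession` is 17 bytes, and a call to `invalidate` takes effect on the next request instead of waiting for a cookie to expire.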

vvo closed this as completed May 6, 2021
vvo reopened this May 6, 2021
vvo closed this as completed Jun 8, 2021

vvo (Owner) commented Jun 8, 2021

Not in scope of the library

vvo reopened this Jun 8, 2021
vvo closed this as completed Jun 8, 2021