wip session auth
This commit is contained in:
parent
aa4394fd21
commit
7b6c155a73
23 changed files with 321 additions and 90 deletions
16
Femto.Docs/Design/Auth/strong_vs_weak_session.md
Normal file
16
Femto.Docs/Design/Auth/strong_vs_weak_session.md
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
# Strong vs weak sessions
|
||||
|
||||
a **strong** session is one that should have the power to do account level admin tasks like change password
|
||||
|
||||
|
||||
a **weak** session has strictly fewer privileges than a strong session
|
||||
|
||||
## where to get a strong session
|
||||
|
||||
a strong session is created when a user provides a username and a password. a session remains strong until it is refreshed, at which point it becomes weak.
|
||||
|
||||
## where to get a weak session
|
||||
|
||||
A weak session is any session that has not been directly created by user credentials, i.e.:
|
||||
* short-term session refresh
|
||||
* long-term session refresh
|
||||
Loading…
Add table
Add a link
Reference in a new issue