Remember me
We want to implement long-lived sessions.
We will do this with a remember-me cookie.
It should be implemented as follows:
Logging in or registering with a "rememberMe" flag in the request generates a new remember-me token, which can be stored as a cookie.
The remember-me token should live until:
- the user changes password anywhere
- the user logs out on that device
- the user logs in with an expired session, in which case the remember-me token is used to refresh the session and is then swapped out for a new one
That means we need to implement it in three places:
- login
- register
- validate session
We will implement it as described here.
We will only check the remember-me token in "validate session".
"refresh session" is only called with valid sessions, so we do not need to check the token there: the session will already have been validated.
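
A sketch of the token lifecycle described above, as an added example that is not this project's code. The names `AuthStore` and `SESSION_TTL`, the in-memory dictionaries, storing only a SHA-256 digest of each token, and treating an unknown session id like an expired one are all assumptions.

```python
import hashlib
import secrets
import time

SESSION_TTL = 15 * 60  # assumed session lifetime in seconds

class AuthStore:  # in-memory stand-in for the session and token tables (hypothetical)
    def __init__(self):
        self.sessions = {}  # session id -> (user, expiry)
        self.remember = {}  # sha256(token) -> user; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _new_session(self, user, now):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def _new_remember(self, user):
        token = secrets.token_urlsafe(32)
        self.remember[self._digest(token)] = user
        return token

    def login(self, user, remember_me=False, now=None):
        """Run after login credentials check out, or after register creates the user."""
        now = time.time() if now is None else now
        return self._new_session(user, now), (self._new_remember(user) if remember_me else None)

    def validate_session(self, sid, token=None, now=None):
        """Return (user, session id, token), or None when the caller is unauthenticated."""
        now = time.time() if now is None else now
        user, expiry = self.sessions.get(sid, (None, 0))
        if user is not None and now < expiry:
            return user, sid, token  # valid session: the token is not consulted
        self.sessions.pop(sid, None)
        # Expired (or unknown) session: the token is single use, so consume it first.
        user = self.remember.pop(self._digest(token), None) if token else None
        if user is None:
            return None
        return user, self._new_session(user, now), self._new_remember(user)

    def logout(self, sid, token=None):
        self.sessions.pop(sid, None)
        self.remember.pop(self._digest(token or ""), None)  # this device only

    def change_password(self, user):
        # Revoke the user's remember-me tokens on every device.
        self.remember = {d: u for d, u in self.remember.items() if u != user}
```

Because a token is removed from the store before its replacement is issued, a copied cookie stops working as soon as the legitimate device has rotated it.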