by user5994461 2314 days ago
This just made me realize. There is an even simpler way to achieve the same result without a database.

The token includes the time when it was created (iat attribute) so critical actions could check that the token is less than 3 minutes old.

1 comment

Yeah that’s what I did, with iat info. But I did that for every request, and critical actions always hit the db.
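
The `iat` freshness check discussed in this thread, as an added example that is not part of either comment: it verifies the token's signature first, then allows a critical action only if `iat` is a number less than 3 minutes old and not in the future. The HS256 choice, the key, the `CLOCK_SKEW` tolerance and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

MAX_AGE_CRITICAL = 180  # seconds: the "less than 3 minutes old" rule from the thread
CLOCK_SKEW = 30         # assumed tolerance for an iat slightly in the future
KEY = b"constructed-demo-key"  # constructed sample secret, not a real key

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key=KEY):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token, key=KEY):
    """Return the claims only if the header pins HS256 and the MAC matches."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        return json.loads(_b64d(body))
    except (ValueError, AttributeError):
        return None

def allow_critical(token, now=None, key=KEY):
    """Allow a critical action only for a valid token issued within MAX_AGE_CRITICAL."""
    claims = verify(token, key)
    if not isinstance(claims, dict):
        return False
    iat = claims.get("iat")
    # bool is an int subclass in Python, so exclude it explicitly
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return False
    now = time.time() if now is None else now
    age = now - iat
    return -CLOCK_SKEW <= age < MAX_AGE_CRITICAL
```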