by ocharles
4742 days ago
> The most direct way that comes to mind for solving this type of problem is to send the client just a random identifier and have the server look it up in a persistent store upon use.

This is my preferred approach. I generate random 128-bit integers (using a random number generator whose purpose is to be used for cryptographic purposes, so it's hard to observe) and store these in Redis with a one-year expiry, and send them back to the client to store in a cookie. When the token in the cookie is used, the TTL on the token is reduced to 5 minutes, which lets power users open up multiple tabs at once. It's the simplest, but also the most robust, way I've found to deal with this. The cleverer I try to be, the more I tend to mess these things up.
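The token lifecycle described in the comment above (a 128-bit token from a CSPRNG, stored with a one-year TTL, cut to a 5-minute TTL on first use so other open tabs can still redeem it), as an added example that is not the commenter's code. The `FakeRedis` class, the fake clock and the `remember:` key prefix are constructed stand-ins; a real deployment would call the same SETEX/GET/EXPIRE commands through a Redis client.

```python
import secrets
import time

YEAR_SECONDS = 365 * 24 * 3600
GRACE_SECONDS = 5 * 60  # once used, the token lives only five more minutes


class FakeRedis:
    """In-memory stand-in for the three Redis commands used here (constructed for this example)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.data = {}  # key -> (value, absolute expiry timestamp)

    def _live(self, key):
        item = self.data.get(key)
        if item is None:
            return None
        if item[1] <= self.clock():  # lazily drop expired keys, as Redis would
            del self.data[key]
            return None
        return item

    def setex(self, key, ttl, value):
        self.data[key] = (value, self.clock() + ttl)

    def get(self, key):
        item = self._live(key)
        return None if item is None else item[0]

    def expire(self, key, ttl):
        item = self._live(key)
        if item is None:
            return False
        self.data[key] = (item[0], self.clock() + ttl)
        return True


def issue_token(store, user_id):
    # 128 bits from the OS CSPRNG; hex-encoded so it is safe to put in a cookie
    token = secrets.token_hex(16)
    store.setex("remember:" + token, YEAR_SECONDS, user_id)
    return token


def redeem_token(store, token):
    # The token is the lookup key itself: nothing on the client side is trusted
    key = "remember:" + token
    user_id = store.get(key)
    if user_id is None:
        return None  # unknown, expired, or consumed past the grace window
    store.expire(key, GRACE_SECONDS)  # shorten the TTL instead of deleting outright
    return user_id
```

Each redeem within the grace window resets the 5-minute TTL, so a burst of tabs opened together all succeed while a token captured later is useless.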