This repository has been archived by the owner on May 8, 2018. It is now read-only.
Grendel sessions #4
Comments
Sam and I talked about this — we'd need to cache the UnlockedKeySet of the user in memory.
I thought the way to handle this is to store a key in the cookie, and the UnlockedKeySet, encrypted with that key on the server. Link the two with a database id (since more than one user will be logged in). Something wrong with that? Stephan
Stephan — that's not at all different from how Grendel uses
Then I guess I don't quite understand the original question. Isn't the "key in the cookie" I mentioned going to be the "session handle" that precipice is asking about? Stephan
No. It would be a random session ID. We already have this designed; this ticket is just a reminder for us to actually implement it.
It would be good to be able to have a session handle that would allow access to Grendel without having to store the plaintext password during the session. For instance, let me create a session on user login, use that session during the user's session on the site, and destroy it when they log out.
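A sketch of the session handle discussed in this thread, as an added example that is not Grendel's code: a random session ID issued at login maps to key material cached in memory, expires when idle, and is destroyed at logout. The class name, the idle timeout, and treating the UnlockedKeySet as opaque bytes are assumptions.

```python
import secrets
import time


class KeySetSessions:
    """In-memory map from a random session ID to a user's unlocked key material.

    Hypothetical helper: the unlocked key set is modelled as opaque bytes.
    """

    def __init__(self, idle_timeout=900.0, clock=time.monotonic):
        self._idle_timeout = idle_timeout  # seconds of inactivity before expiry
        self._clock = clock                # injectable so expiry can be tested
        self._sessions = {}                # session ID -> [bytearray, last-used time]

    def create(self, unlocked_keyset: bytes) -> str:
        """Call once at login, after the password has unlocked the key set."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[session_id] = [bytearray(unlocked_keyset), self._clock()]
        return session_id  # the client holds only this handle, never the password

    def get(self, session_id: str):
        """Return a copy of the key material, or None if unknown or expired."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if self._clock() - entry[1] > self._idle_timeout:
            self.destroy(session_id)  # idle sessions are wiped, not just hidden
            return None
        entry[1] = self._clock()      # sliding expiry: each use renews the session
        return bytes(entry[0])

    def destroy(self, session_id: str) -> bool:
        """Call at logout: forget the session and overwrite the cached bytes."""
        entry = self._sessions.pop(session_id, None)
        if entry is None:
            return False
        # Best-effort wipe; copies handed out by get() are not reachable from here.
        entry[0][:] = bytes(len(entry[0]))
        return True
```

A restart of the process drops every session, so users would have to log in again to unlock their key sets.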