
Add a non-cookie session manager for the different-domains use case.

Open · NamesMT opened this issue 1 year ago · 1 comment

Currently our session manager & authentication flow uses automatic user detection based on session cookies with hono-sessions; this allows a super great DX working with APIs from the backend.

But Chrome is phasing out 3rd-party cookies, so we need to add another session manager to support use cases where we use different domains for the frontend and backend. Maybe a Bearer JWT that contains the session id? Where would we store the session data?

NamesMT, Jun 08 '24 05:06

I think I've implemented a very good base for a header-based session manager. It's still not fully finished, though; you can see it and give your ideas here: https://github.com/NamesMT/starter-fullstack/blob/main/apps/backend/src/middlewares/session.ts#L49

NamesMT, Jun 10 '24 10:06
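
An added example (not code from the linked repository or from hono-sessions) of the approach the issue proposes: a Bearer JWT that carries only the session id, while the session data stays on the server. The hand-built HS256 token, the in-memory `Map` store and the names `issueSession`, `readSid`, `resolveSession` and `revokeSession` are assumptions of this example.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto'
type SessionData = Record<string, unknown>

// Constructed for the example; production: key from secret storage, data in a shared store.
const SECRET = randomBytes(32)
const sessions = new Map<string, SessionData>()

const b64u = (s: string): string => Buffer.from(s).toString('base64url')
const HEADER = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
const sign = (data: string): string => createHmac('sha256', SECRET).update(data).digest('base64url')

// Create the server-side session; the returned JWT carries only its id and expiry.
function issueSession(data: SessionData, ttlSec: number, now = Date.now()): string {
  const sid = randomBytes(16).toString('hex')
  sessions.set(sid, data)
  const body = `${HEADER}.${b64u(JSON.stringify({ sid, exp: Math.floor(now / 1000) + ttlSec }))}`
  return `${body}.${sign(body)}`
}

// Verify "Authorization: Bearer <jwt>" and return the session id, or null.
function readSid(authorization: string | undefined, now = Date.now()): string | null {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization ?? '')
  if (!m) return null
  const [, header, payload, sig] = m
  // Pin the algorithm: accept only our exact header, never the token's own "alg".
  if (header !== HEADER) return null
  const given = Buffer.from(sig)
  const expected = Buffer.from(sign(`${header}.${payload}`))
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString())
    if (typeof claims.sid !== 'string' || typeof claims.exp !== 'number') return null
    return claims.exp * 1000 > now ? claims.sid : null
  } catch {
    return null
  }
}

// Look up session data for a request; unknown or revoked ids yield null.
function resolveSession(authorization: string | undefined, now = Date.now()): SessionData | null {
  const sid = readSid(authorization, now)
  return sid === null ? null : sessions.get(sid) ?? null
}

// Logout: deleting the server-side record kills the token before it expires.
function revokeSession(authorization: string | undefined, now = Date.now()): boolean {
  const sid = readSid(authorization, now)
  return sid !== null && sessions.delete(sid)
}
```

The frontend sends the token in the `Authorization` header on each cross-origin request, so the backend's CORS policy has to allow that header for the frontend's origin.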