jwt-redis-session
Ugh: Cookie Support so session can survive OAuth / redirects
I hate to have to ask for this, but there are cases where you need a browser to follow a 302 redirect (handling social authentications, for example). Unfortunately, there's no way to instruct a browser to send an auth header when the redirect happens, so the session would be lost during the redirect.
Allowing the JWT to also be stored in req.cookies[options.requestArg] would allow this module to be used in these cases.
While my own gut reaction to using a cookie in this case is that it's antithetical to the idea of JWT, further reading has shown me that's not the case.
On the surface it does smell a bit weird, but this seems reasonable. I'll add it in the next push, which should go up early next week.
Now being tracked here: https://github.com/azuqua/jwt-redis-session/pull/21
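
The cookie fallback requested in this thread, sketched as an added example; it is not jwt-redis-session's code and not part of any comment above. Only `requestArg` and `req.cookies` come from the issue; `requestHeader`, the default names and every function name are assumptions made for illustration.

```javascript
// Added example, not jwt-redis-session code. `requestArg` is the option named
// in the issue; `requestHeader`, the default values and all function names
// are hypothetical.
const DEFAULTS = { requestArg: 'accessToken', requestHeader: 'x-access-token' };
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// Minimal Cookie header parser, used when no middleware filled req.cookies.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const p = part.trim();
    const eq = p.indexOf('=');
    if (eq < 1) continue; // no name or no '='
    try {
      out[p.slice(0, eq)] = decodeURIComponent(p.slice(eq + 1));
    } catch (e) { /* malformed percent-encoding: ignore this cookie */ }
  }
  return out;
}

// An explicit header wins; the cookie is only the fallback for browser-driven
// requests (such as following a 302) that cannot carry a custom header.
function extractToken(req, options = DEFAULTS) {
  const fromHeader = req.headers[options.requestHeader];
  if (typeof fromHeader === 'string' && fromHeader) {
    return { token: fromHeader, source: 'header' };
  }
  const cookies = req.cookies || parseCookies(req.headers.cookie);
  const fromCookie = cookies[options.requestArg];
  if (typeof fromCookie === 'string' && fromCookie) {
    return { token: fromCookie, source: 'cookie' };
  }
  return null;
}

// Cookies are attached by the browser automatically, so a cookie-sourced
// token on a state-changing method should also pass a CSRF check.
function needsCsrfCheck(req, found) {
  return found !== null && found.source === 'cookie' &&
    !SAFE_METHODS.includes(req.method);
}

// Set-Cookie value. HttpOnly hides the token from page scripts, Secure keeps
// it off plain HTTP. SameSite=Lax is still sent on the top-level GET coming
// back from the OAuth provider; Strict would be withheld on that request.
function sessionCookie(token, options = DEFAULTS, maxAgeSeconds = 3600) {
  return [`${options.requestArg}=${encodeURIComponent(token)}`, 'Path=/',
    `Max-Age=${maxAgeSeconds}`, 'HttpOnly', 'Secure', 'SameSite=Lax'].join('; ');
}
```

Returning the token's source lets the caller keep header-authenticated API calls unchanged while applying the CSRF check only to requests that relied on the cookie.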