How to store login info

Say you’ve logged a user in. Now what?

You can pass that login info back and forth between the server and user’s browser, but that just seems bad, doesn’t it? What if the user tampers with the login ID and poses as someone else?

Oh, I know, you can keep the session info just on the server side. Maybe store it in memory or in a database, and then look it up whenever the user’s session ID is passed back. But does this scale? How much memory do you need and is it worth doing a database lookup on every request?

Another option is to send the login info in the session to the client, but make it tamper-proof. In other words, encrypt it.

Here’s how to do that in Node.js:

Continue reading here
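
The tamper-proof session value described above, as an added example that is not the original post's code: encryption by itself does not reveal modification, so it uses an authenticated mode (AES-256-GCM) whose tag check fails if any byte of the token changes. The names `sealSession` and `openSession`, the 30-minute lifetime and the in-process random key are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed demo key. In a real deployment, load a 32-byte secret from
// configuration so it survives restarts and is shared by all servers.
const KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 30 * 60 * 1000; // assumed session lifetime: 30 minutes

// Encrypt and authenticate the session object; returns a cookie-safe string.
function sealSession(session, key = KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify({ data: session, exp: now + MAX_AGE_MS });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte tag covering the ciphertext
  return Buffer.concat([iv, tag, body]).toString('base64url');
}

// Returns the session object, or null if the token was modified, was sealed
// with a different key, is malformed, or has expired.
function openSession(token, key = KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(String(token), 'base64url');
    if (raw.length < 12 + 16 + 1) return null;
    const iv = raw.subarray(0, 12);
    const tag = raw.subarray(12, 28);
    const body = raw.subarray(28);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
    decipher.setAuthTag(tag);
    const plaintext = Buffer.concat([decipher.update(body), decipher.final()]);
    const { data, exp } = JSON.parse(plaintext.toString('utf8'));
    return typeof exp === 'number' && now < exp ? data : null;
  } catch (err) {
    return null; // decipher.final() throws when the tag does not verify
  }
}

// Constructed demo: a round trip, a token with one bit flipped, an expired token.
function demo() {
  const token = sealSession({ userId: 42 });
  const tampered = Buffer.from(token, 'base64url');
  tampered[tampered.length - 1] ^= 0x01;
  return {
    ok: openSession(token),
    tampered: openSession(tampered.toString('base64url')),
    expired: openSession(token, KEY, Date.now() + MAX_AGE_MS + 1000),
  };
}
console.log(demo());
```

The expiry lives inside the authenticated payload, so the client cannot extend it; revoking a session before it expires still needs server-side state.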
