How to store login info

Say you’ve logged a user in. Now what?

You can pass that login info back and forth between the server and user’s browser, but that just seems bad, doesn’t it? What if the user tampers with the login ID and poses as someone else?

Oh, I know, you can keep the session info just on the server side. Maybe store it in memory or in a database, and then look it up whenever the user’s session ID is passed back. But does this scale? How much memory do you need and is it worth doing a database lookup on every request?

Another option is to send the login info in the session to the client, but make it tamper-proof. In other words, encrypt it.

Here’s how to do that in Node.js:

Continue reading here
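The client-side session idea above, as an added example that is not the original post's code: the login info is sealed with AES-256-GCM, because encryption by itself does not detect modification and it is the GCM authentication tag that makes the cookie tamper-evident. The key handling, the one-hour lifetime, and the names `seal`, `unseal` and `tamper` are assumptions made for the example.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the 32-byte key comes from a secret store shared
// by all app servers; a random key is generated here so the example runs.
const KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 60 * 60 * 1000; // hypothetical 1-hour session lifetime

// Encrypt and authenticate the session object; returns a cookie-safe string.
function seal(session, key = KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = JSON.stringify({ ...session, exp: now + MAX_AGE_MS });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return Buffer.concat([iv, tag, ct]).toString('base64url');
}

// Returns the session object, or null if the cookie is malformed, was
// modified, was sealed under a different key, or has expired.
function unseal(cookie, key = KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(String(cookie), 'base64url');
    if (raw.length < 12 + 16 + 1) return null; // iv + tag + at least 1 byte
    const iv = raw.subarray(0, 12);
    const tag = raw.subarray(12, 28);
    const ct = raw.subarray(28);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
    decipher.setAuthTag(tag);
    // final() throws if the tag does not match the ciphertext.
    const body = Buffer.concat([decipher.update(ct), decipher.final()]);
    const session = JSON.parse(body.toString('utf8'));
    return session.exp > now ? session : null;
  } catch {
    return null;
  }
}

// Flip one bit of the ciphertext, standing in for a client editing its cookie.
function tamper(cookie) {
  const raw = Buffer.from(cookie, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}

const cookie = seal({ userId: 42 });  // constructed sample session
console.log(unseal(cookie));          // the session object, with userId and exp
console.log(unseal(tamper(cookie)));  // null: the tag check rejects the edit
```

The server keeps only the key, so there is no per-request session lookup, but a sealed cookie stays valid until its `exp` passes unless the key is rotated.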
