||
| //upload files to server | ||
| Axios.post(`${process.env.REACT_APP_SERVER_URL}/api/upload`, formData, { | ||
| withCredentials:true, |
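Review bot: `withCredentials:true` on this upload POST only takes effect cross-origin if the server responds with `Access-Control-Allow-Credentials: true` and a specific `Access-Control-Allow-Origin` rather than `*`; the server CORS configuration is not visible here, so please confirm it. Because the cookie will now be attached to this state-changing request automatically, the upload route also needs CSRF protection, either through the cookie's SameSite attribute or a CSRF token.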
Mentioning `withCredentials:true` will ensure that the cookies are sent to the server with every request.
| }) | ||
| console.log("saving user") | ||
| await user.save(); | ||
| res.cookie('didToken',didToken,{httpOnly:true}) |
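Review bot: the `res.cookie('didToken',didToken,{httpOnly:true})` call at the end of this hunk sets only `httpOnly`, so the token cookie has no `secure`, `sameSite` or `maxAge`. Add `secure: true` so the token is never sent over plain HTTP, set `sameSite` explicitly (a cross-site client needs `sameSite: 'none'` together with `secure`), and give the cookie a `maxAge` that matches the token's lifetime. The `console.log("saving user")` line looks like leftover debugging and can be dropped.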
Remember I commented out `window.localStorage.setItem("didToken", newDidToken);`? Well, I did that for this. This is setting the token as an httpOnly cookie in the response header, so whenever the client receives this response, the client will automatically save the token in the browser cookie. I have passed `httpOnly:true` because mentioning this will ensure that it will not be accessible from client JavaScript.
client/src/pages/signin/Signin.jsx
Outdated
| await setUser(userMetadata); | ||
| let newDidToken = await magic.user.getIdToken({ lifespan: 24 * 60 * 60 * 7 }); | ||
| window.localStorage.setItem("didToken", newDidToken); | ||
| // window.localStorage.setItem("didToken", newDidToken); |
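Review bot: the commented-out `window.localStorage.setItem("didToken", newDidToken);` at the end of this hunk should be deleted rather than left as a comment, since dead code suggests local storage is still an option. Nothing in the visible lines sends `newDidToken` to the server, so please point to where that request is made, and consider removing any `didToken` already stored in local storage for users who signed in before this change.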
We need to store the didToken in the cookie storage.
Yes, and we are doing that. `window.localStorage.setItem("didToken", newDidToken);` will save the token in the local storage, but we want to store the token in the cookies. So I am sending the token to the server, and when the response comes back it will automatically set the token in the cookies.
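An audit of the `Set-Cookie` header such a response would carry, as an added example that is not part of this PR: it flags the session-token attributes that `httpOnly` alone does not cover. The function names and both sample headers are constructed for illustration.

```javascript
// Added example (not code from this PR). Function names and both sample
// headers are constructed for illustration.

// Split "name=value; Attr; Attr=val" into a Map of lower-cased attributes.
function parseCookieAttrs(header) {
  const attrs = new Map();
  for (const part of header.split(';').slice(1)) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const i = trimmed.indexOf('=');
    const key = (i === -1 ? trimmed : trimmed.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? '' : trimmed.slice(i + 1).trim());
  }
  return attrs;
}

// Return finding codes for a session-token cookie; [] means it passes.
function auditSetCookie(header) {
  const attrs = parseCookieAttrs(header);
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  const findings = [];
  if (!attrs.has('httponly')) findings.push('no-httponly'); // readable by page scripts
  if (!attrs.has('secure')) findings.push('no-secure'); // also sent over plain HTTP
  if (!attrs.has('samesite')) findings.push('no-samesite'); // left to browser default
  if (sameSite === 'none' && !attrs.has('secure')) {
    findings.push('samesite-none-without-secure'); // rejected by current browsers
  }
  if (!attrs.has('max-age') && !attrs.has('expires')) {
    findings.push('no-lifetime'); // session cookie, unrelated to token lifetime
  }
  return findings;
}

// Constructed: the header shape a cookie set with only httpOnly produces.
const HTTPONLY_ONLY = 'didToken=PLACEHOLDER; Path=/; HttpOnly';
// Constructed: the same cookie with transport, SameSite and lifetime set.
// 604800 s = 24 * 60 * 60 * 7. SameSite=Lax assumes client and API share a site.
const HARDENED =
  'didToken=PLACEHOLDER; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Lax';

console.log(auditSetCookie(HTTPONLY_ONLY));
console.log(auditSetCookie(HARDENED));
```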
@anomic30 can you please tell me why the below code is returning null.
@anomic30 please help me I could not understand why it is returning null.
I am rewriting the token storage and validation logic in a more secure way.
Fixes #9
Type of change
Checklist: