mds1256 Posted April 18, 2018 Share Posted April 18, 2018 Hi I am wanting to create a login for a portal I have created and want to use access tokens. These tokens expire after 60 minutes when they need to refresh (refresh token will also be sent to the client). How do I achieve this, when the authentication request succeeds (e.g. login with username and password) do I set a client side cookie that has the access_token and refresh_token values along with a cookie expiry? Thanks Link to comment Share on other sites More sharing options...
ginerjm Posted April 18, 2018 Share Posted April 18, 2018 ??? You simply create a cookie FROM THE SERVER in the script that authenticates the access. Then wherever you need to check for a proper signon, in each script you simply check for the existence of that cookie. You can also store (perhaps) a value or two in the cookie if you need to know something about the user. DO NOT STORE any sensitive info in the cookie Link to comment Share on other sites More sharing options...
requinix Posted April 18, 2018 Share Posted April 18, 2018 What you've described is functionally identical to normal sessions with a "remember me" cookie. Link to comment Share on other sites More sharing options...
mds1256 Posted April 18, 2018 Author Share Posted April 18, 2018 Thanks, just wanted to check the method I was going to use. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.