-
Is there a recommended pattern for returning both the access token and refresh token in the session cookie? Both of these tokens will result in an ecnoded size over 4kb which is the maximum cookie size for most browsers. At the moment I am thinking about storing the refresh token in a seperate cookie. |
Beta Was this translation helpful? Give feedback.
Answered by
sergiodxa
Apr 5, 2022
Replies: 1 comment
-
I would store them in the DB then, also the size of those tokens depends on the provider I imagine, the access token on GitHub for example is a short string. if your tokens are too big to use a single cookie, you could call authenticate without a success redirect, get the tokens and store them on individual cookies as you said. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
sergiodxa
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would store them in the DB then, also the size of those tokens depends on the provider I imagine, the access token on GitHub for example is a short string.
if your tokens are too big to use a single cookie, you could call authenticate without a success redirect, get the tokens and store them on individual cookies as you said.