Provide possibility for stateless storage #17

valiafetisov · 2022-11-03T13:13:01Z

Describe the feature

Currently we store sessions on the server, but the is a known pattern to encrypt the data and store it on the client, removing a requirement for state preservation whatsoever. Possible implementation of this approach is vvo/iron-session (originally referenced in #15.

Known problems with this approach:

Storage size (cookie is limited to 4096 bytes)
Migrations/remote clearing of session

We should evaluate this approach and propose technical solution.
From my perspective it's a good candidate for the driver option (e.g. driver: 'stateless')

Additional information

No response

The text was updated successfully, but these errors were encountered:

valiafetisov added the enhancement New feature or request label Nov 3, 2022

valiafetisov mentioned this issue Nov 3, 2022

Remove session-jacking vulnerability #15

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide possibility for stateless storage #17

Provide possibility for stateless storage #17

valiafetisov commented Nov 3, 2022

Provide possibility for stateless storage #17

Provide possibility for stateless storage #17

Comments

valiafetisov commented Nov 3, 2022

Describe the feature

Additional information