Responsibility for session lifespan management #1207

davidoram · 2021-04-03T20:04:46Z

davidoram
Apr 3, 2021

Hi, I'm working on a blog post that describes integrating a Go application with Krytos.

One thing isn't clear to me is the recommended best practice for protecting routes that require that the user is logged in. I've started with middleware that calls the WhoAmI API on every request. My thinking is that then Krytos can expire the session as per its config (session.lifespan).

Is that the recommended approach?

Answered by aeneasr

Apr 4, 2021

Yes, that is recommended! We’re also working on a proxy which has some caching built in to make this stuff less costly. However it is the only way to ensure that when your users sign out they are signed out!

View full answer

aeneasr · 2021-04-04T07:25:34Z

aeneasr
Apr 4, 2021
Maintainer

Yes, that is recommended! We’re also working on a proxy which has some caching built in to make this stuff less costly. However it is the only way to ensure that when your users sign out they are signed out!

1 reply

davidoram Apr 4, 2021
Author

Many thanks @aeneasr 👍

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Responsibility for session lifespan management #1207

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Responsibility for session lifespan management #1207

davidoram Apr 3, 2021

Replies: 1 comment · 1 reply

aeneasr Apr 4, 2021 Maintainer

davidoram Apr 4, 2021 Author

davidoram
Apr 3, 2021

Replies: 1 comment 1 reply

aeneasr
Apr 4, 2021
Maintainer

davidoram Apr 4, 2021
Author