impress-2020

dice/impress-2020

Fork 0

forked from OpenNeo/impress-2020

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Matchu	28060d4d16	Whoops, actually include `createdAt` in auth tokens Right, I had that idea while writing the comment, then forgot to actually do it lmao This is important for session expiration: we don't want you to be able to hold onto an old cookie for an account that you should be locked out of. Updating the `createdAt` value requires a new signature, so the client can't forge when this token was created, so we can be confident in our ability to expire them.	2022-08-17 01:07:47 -07:00
Matchu	c478e6d88c	Tweak the phrasing of an auth-by-db comment Oh, I said two different things were "finally", whoops lol	2022-08-17 01:00:54 -07:00
Matchu	4d0c48ab7c	Login form checks the db, and saves a cookie Okay so one of the trickiest parts of login is done! 🤞 and now we need to make it actually show up in the UI. (and also pressure-test the security a bit, I've only really checked the happy path!)	2022-08-17 00:58:52 -07:00

Matchu

28060d4d16

Whoops, actually include createdAt in auth tokens

Right, I had that idea while writing the comment, then forgot to actually do it lmao

This is important for session expiration: we don't want you to be able to hold onto an old cookie for an account that you should be locked out of. Updating the `createdAt` value requires a new signature, so the client can't forge when this token was created, so we can be confident in our ability to expire them.

2022-08-17 01:07:47 -07:00

Matchu

c478e6d88c

Tweak the phrasing of an auth-by-db comment

Oh, I said two different things were "finally", whoops lol

2022-08-17 01:00:54 -07:00

Matchu

4d0c48ab7c

Okay so one of the trickiest parts of login is done! 🤞 and now we need to make it actually show up in the UI. (and also pressure-test the security a bit, I've only really checked the happy path!)

2022-08-17 00:58:52 -07:00

3 commits