Add a non-cookie session manager for different domains usecase. #9

NamesMT · 2024-06-08T05:47:46Z

Currently our session manager & authentication flow uses an automatic user detection based on session cookies with hono-sessions, this allows a super great DX working with APIs from the backend.

But chrome is phasing out 3rd-party cookies, we need to add another session manager to support usecases where we use different domains for the frontend and backend, maybe a Bearer JWT that contains the session id? Where would we store the session data?

The text was updated successfully, but these errors were encountered:

NamesMT · 2024-06-10T10:29:03Z

I think I've implemented a very good base for a header-based session manager, it's still not fully finished though, you can see it and give your idea here:
https://github.com/NamesMT/starter-fullstack/blob/main/apps/backend/src/middlewares/session.ts#L49

NamesMT added the help wanted Extra attention is needed label Jun 8, 2024

NamesMT changed the title ~~Refactoring the authentication flow before 2025~~ Refactoring the authentication flow? Jun 8, 2024

NamesMT changed the title ~~Refactoring the authentication flow?~~ Add another session manager that doesn't depends on cookies Jun 8, 2024

NamesMT changed the title ~~Add another session manager that doesn't depends on cookies~~ Add a non-cookie session manager for different domains usecase. Jun 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a non-cookie session manager for different domains usecase. #9

Add a non-cookie session manager for different domains usecase. #9

NamesMT commented Jun 8, 2024 •

edited

Loading

NamesMT commented Jun 10, 2024

Add a non-cookie session manager for different domains usecase. #9

Add a non-cookie session manager for different domains usecase. #9

Comments

NamesMT commented Jun 8, 2024 • edited Loading

NamesMT commented Jun 10, 2024

NamesMT commented Jun 8, 2024 •

edited

Loading