Flotype / now

NowJS makes it easy to build real-time web apps using JavaScript
http://www.nowjs.com
MIT License

Question regarding safety #192

Closed ghost closed 12 years ago

ghost commented 12 years ago

Hi, I am building a one-page web application. Once the user exits the page, he could be considered logged out. I was wondering if it was safe to verify if a user was logged in by comparing this.user.clientId with the value in the database when he logged in. I am also using SSL. Are there any risks of another user stealing the session of another user or getting hacked in any way?

Thanks, MightyCodder

drinchev commented 12 years ago

Hi, I was struggling with the same thing, and figured it out. You can check the gist here: https://gist.github.com/2266544 (it is specifically for passport, but you can figure it out and modify it for your needs)

ghost commented 12 years ago

Thanks for the fast answer. It really helped.
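
The check asked about in this thread, sketched as an added example (not code from the thread, the linked gist, or NowJS): the server binds a connection id to a user only after verifying a signed session cookie, looks the binding up on every call, and drops it on disconnect. The cookie format, the secret and all function names are assumptions; in NowJS the id passed in would be `this.user.clientId`, and user ids are assumed to contain no dots.

```javascript
// Added example: bind a realtime connection id to an authenticated user.
// Names, cookie format and secret are assumptions made for illustration.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const bindings = new Map();               // clientId -> { userId, expires }

function sign(value) {
  return crypto.createHmac('sha256', SECRET).update(value).digest('hex');
}

// Assumed session cookie format: "<userId>.<expiryMs>.<hmac>"
function issueCookie(userId, ttlMs, now = Date.now()) {
  const body = `${userId}.${now + ttlMs}`;
  return `${body}.${sign(body)}`;
}

function verifyCookie(cookie, now = Date.now()) {
  const parts = String(cookie).split('.');
  if (parts.length !== 3) return null;
  const [userId, expires, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expires}`));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on a length mismatch, so compare lengths first
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!(Number(expires) > now)) return null; // expired or non-numeric expiry
  return { userId, expires: Number(expires) };
}

// Call once per connection, with the cookie the server itself received.
function bindClient(clientId, cookie, now = Date.now()) {
  const session = verifyCookie(cookie, now);
  if (!session) return false;
  bindings.set(clientId, session);
  return true;
}

// Call at the top of every exposed function; never accept an id sent as an argument.
function currentUser(clientId, now = Date.now()) {
  const b = bindings.get(clientId);
  if (!b) return null;
  if (b.expires <= now) { bindings.delete(clientId); return null; }
  return b.userId;
}

// Call from the disconnect handler so a closed page counts as logged out.
function unbindClient(clientId) {
  return bindings.delete(clientId);
}
```

The identity always comes from the server-side binding, so a client that supplies someone else's id as a function argument gains nothing.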