Develop mechanisms for secure token handling, including session validation, session invalidation and token refresh, to maintain user sessions. Sensitive session data must live on the server and be handled securely there.
Investigate token lifespan and refresh strategies.
Session handling
Implement session management with Ory Kratos so that the session is validated on every request. Every loader function checks the incoming session against Kratos' session endpoint (/sessions/whoami) before returning data, so users are authenticated before they can reach any resource.
Handle logout, expiry and invalidation.
Decide what should happen to access tokens when a user signs out.
Understand whether and how invalid or expired tokens need to be stored (for example in a revocation list).
Decide whether tokens are invalidated on logout or kept and reused; if kept, decide how 'dangling' tokens (still valid but no longer attached to a live session) are managed.
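Added example (not code from this ticket or from Ory): a loader guard that validates the session against Kratos on every request, plus the logout call that invalidates the session server-side so no dangling token survives sign-out. It assumes a Kratos public URL, a /login route on the app, Node 18+ globals (Request, Response, fetch), and a constructed in-memory stand-in for Kratos so it runs offline; the Kratos endpoints used (GET /sessions/whoami, DELETE /self-service/logout/api) and the Session fields active and expires_at are real, everything else is illustrative.

```javascript
// Added example: per-request session guard for server-side loaders backed by Ory Kratos.
// Assumptions (not from the ticket): Kratos is reachable at kratosPublicUrl, the app's
// login page is at LOGIN_PATH, and fetchImpl/now are injectable for offline runs.

const LOGIN_PATH = "/login"; // assumed app route

function createSessionGuard({ kratosPublicUrl, fetchImpl = globalThis.fetch, now = () => Date.now() }) {
  // Ask Kratos who owns the credential on the incoming request. Browser flows carry the
  // ory_kratos_session cookie, native/API flows carry X-Session-Token; both are forwarded.
  // GET /sessions/whoami answers 200 with the Session object, or 401 if it is unknown.
  async function whoami(request) {
    const headers = {};
    const cookie = request.headers.get("cookie");
    if (cookie) headers["Cookie"] = cookie;
    const token = request.headers.get("x-session-token");
    if (token) headers["X-Session-Token"] = token;
    const res = await fetchImpl(`${kratosPublicUrl}/sessions/whoami`, { headers });
    return res.status === 200 ? res.json() : null;
  }

  // A 200 alone is not enough: the session must be flagged active and not past expires_at.
  function isUsable(session, nowMs) {
    if (!session || session.active !== true) return false;
    if (session.expires_at && Date.parse(session.expires_at) <= nowMs) return false;
    return true;
  }

  // Call this first in every loader. Returns the session, or throws a redirect Response
  // to the login page (throwing a Response is the Remix-style way to abort a loader).
  async function requireSession(request) {
    const session = await whoami(request);
    if (!isUsable(session, now())) {
      const returnTo = encodeURIComponent(new URL(request.url).pathname);
      throw new Response(null, { status: 302, headers: { Location: `${LOGIN_PATH}?return_to=${returnTo}` } });
    }
    return session;
  }

  // Sign-out for API/native flows: invalidate the session in Kratos rather than just
  // forgetting the token client-side, so the token cannot dangle. Kratos replies 204.
  async function logoutApiSession(sessionToken) {
    const res = await fetchImpl(`${kratosPublicUrl}/self-service/logout/api`, {
      method: "DELETE",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ session_token: sessionToken }),
    });
    return res.status === 204;
  }

  return { requireSession, logoutApiSession, isUsable };
}

// Constructed stand-in for Kratos so the guard runs offline: sessions keyed by the
// cookie value or X-Session-Token. Only the two endpoints above are emulated.
function makeFakeKratos(sessions) {
  const store = new Map(sessions.map((s) => [s.token, s.session]));
  const json = (status, body) =>
    new Response(JSON.stringify(body), { status, headers: { "Content-Type": "application/json" } });
  return async function fakeFetch(url, init = {}) {
    const { pathname } = new URL(url);
    const h = init.headers || {};
    if (pathname === "/sessions/whoami") {
      const m = /ory_kratos_session=([^;]+)/.exec(h["Cookie"] || "");
      const key = h["X-Session-Token"] || (m && m[1]);
      const session = key && store.get(key);
      return session ? json(200, session) : json(401, { error: { code: 401 } });
    }
    if (pathname === "/self-service/logout/api" && init.method === "DELETE") {
      const { session_token } = JSON.parse(init.body);
      return store.delete(session_token) ? new Response(null, { status: 204 }) : json(401, {});
    }
    return json(404, {});
  };
}

// Constructed sample sessions: one good, one expired, one deactivated.
function sampleSessions() {
  return [
    { token: "good", session: { id: "s1", active: true, expires_at: "2024-01-02T00:00:00Z", identity: { id: "u1" } } },
    { token: "stale", session: { id: "s2", active: true, expires_at: "2023-12-31T00:00:00Z", identity: { id: "u2" } } },
    { token: "off", session: { id: "s3", active: false, expires_at: "2024-01-02T00:00:00Z", identity: { id: "u3" } } },
  ];
}
```

Every loader pays one round trip to Kratos; if that is too costly, cache the whoami result keyed by session id only until its expires_at, and never past a logout. The logout path shown is the API flow; browser flows go through /self-service/logout/browser and then /self-service/logout?token=..., which the app should drive the same way rather than just dropping the cookie.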
Context
Auth Token Handling
Time Estimate
2 days