Closed chrboe closed 5 years ago
Yes, I would map it with a session ID. Reduces the chances of the token getting leaked/sniffed/stolen/...
I also think this issue can be closed as it's not a direct issue related to the Spotify client but rather how to handle auth tokens.
You can try this if working with gorilla/mux http://www.gorillatoolkit.org/pkg/sessions
Thanks, I did end up implementing a map with randomly generated session IDs.
For the record, this wasn't an issue at all, just a question about the usage of the package :slightly_smiling_face:
I'm a bit confused as to how I should store the Spotify access token in order to identify users through multiple page accesses (i.e. keep a long running "session" open, saving the user's authorization grant).
Is the token itself safe to store in a cookie? Should I create a session ID and store that in a cookie instead (and use a
map
to associate it with a token)? Is there a better approach that I'm not aware of?