zmb3 / spotify

A Go wrapper for the Spotify Web API
Apache License 2.0
1.37k stars, 287 forks

Store token to later identify users #73

chrboe closed 5 years ago

chrboe commented 6 years ago

I'm a bit confused as to how I should store the Spotify access token in order to identify users through multiple page accesses (i.e. keep a long running "session" open, saving the user's authorization grant).

Is the token itself safe to store in a cookie? Should I create a session ID and store that in a cookie instead (and use a map to associate it with a token)? Is there a better approach that I'm not aware of?

chrisvdg commented 5 years ago

Yes, I would map it with a session ID. Reduces the chances of the token getting leaked/sniffed/stolen/...

I also think this issue can be closed as it's not a direct issue related to the Spotify client but rather how to handle auth tokens.

chrisvdg commented 5 years ago

You can try this if working with gorilla/mux http://www.gorillatoolkit.org/pkg/sessions

chrboe commented 5 years ago

Thanks, I did end up implementing a map with randomly generated session IDs.

For the record, this wasn't an issue at all, just a question about the usage of the package :slightly_smiling_face:
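The approach the thread settles on (tokens kept in a server-side map keyed by randomly generated session IDs, with only the ID placed in the cookie), sketched as an added example that is not code from the thread or from zmb3/spotify. `Token`, `SessionStore` and the cookie name `sid` are assumptions; `Token` stands in for whatever token value your OAuth callback obtains.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

// Token stands in for the OAuth token your auth callback receives (assumption).
type Token struct{ AccessToken, RefreshToken string }

// SessionStore keeps tokens server-side; the browser only ever holds the random ID.
type SessionStore struct{ tokens sync.Map } // session ID -> Token

// Create stores tok under a fresh 256-bit ID drawn from crypto/rand (not math/rand).
func (s *SessionStore) Create(tok Token) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id := base64.RawURLEncoding.EncodeToString(raw)
	s.tokens.Store(id, tok)
	return id, nil
}

// Cookie carries only the ID: HttpOnly hides it from page scripts, Secure keeps
// it on HTTPS. The name "sid" is a hypothetical choice.
func Cookie(id string) *http.Cookie {
	return &http.Cookie{Name: "sid", Value: id, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

// Lookup resolves the request's session cookie to the stored token, if any.
func (s *SessionStore) Lookup(r *http.Request) (Token, bool) {
	if c, err := r.Cookie("sid"); err == nil {
		if v, ok := s.tokens.Load(c.Value); ok {
			return v.(Token), true
		}
	}
	return Token{}, false
}

func main() { // demo with a constructed token value
	id, _ := new(SessionStore).Create(Token{AccessToken: "constructed-token"})
	fmt.Println("Set-Cookie:", Cookie(id))
}
```

Sessions here live in process memory and never expire; a real deployment would also delete entries on logout and after a timeout.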