• rp

    2 years ago
    so only the access token is sent in all requests. And the refresh token is sent only in the refresh session request.
  • tredstone

    2 years ago
    thanks for clearing that up. also, for sessionInfo, what usually goes in here?
  • rp

    2 years ago
    That’s anything u want to store in the database associated with the session. It’s something that u can change over the lifetime of that session...
  • rp

    2 years ago
    It’s any object really. Whatever info you want
  • tredstone

    2 years ago
    ah i see
  • tredstone

    2 years ago
    i was thinking of keeping that empty (at least initially until i hit a point in my project where i need some additional info that i don't want to go in the jwtPayload)
  • rp

    2 years ago
    Yea that’s fine. Remember that stuff u put in the jwtPayload cannot be sensitive info. And that info cannot change over the course of the session.
  • tredstone

    2 years ago
    ideally, i'd avoid User information lookups on each request. I'd like to keep those to: login, logout, create accounts
  • rp

    2 years ago
    Sure. That’s a perfect use of jwtPayload. As long as it’s not sensitive info
  • tredstone

    2 years ago
    gotcha