codingtomato
05/03/2022, 2:28 PM
rp
05/03/2022, 2:29 PM
codingtomato
05/03/2022, 2:32 PM
rp
05/03/2022, 2:34 PM
verifySession as usual.
During each event fire, you can auth the user in two ways:
- Method 1: Create a JWT using the Session.createJWT function and provide the user's ID in the payload. You can then pass this JWT to the frontend and verify it in each socket event.
- Method 2: Send the session's sessionHandle to the frontend and send that on each socket event. You can then query the supertokens core to get info (like the userID) from the session handle.
Method 1 is much faster since it's stateless verification, but method 2 is more secure since revoking a session will terminate the socket connection auth immediately.
codingtomato
05/03/2022, 2:36 PM