How sessions work: log in to get a token, send it on every request, log out when done.
Not that hard, see?
- Login: POST /auth/login authenticates you and returns a session token
- Logout: POST /auth/logout kills your own session
- Status: GET /auth/status checks whether your session is still alive and when it expires
- Clear Sessions: POST /auth/clear-sessions (admin only) nukes all sessions for a specific user
- call /auth/login with credentials using your sign-in method
- get a magic session token back
- send that token as Authorization: Bearer <token> on every damn request after that
- when you're done, call /auth/logout to kill your own session
- sessions expire after a configurable idle timeout if you don't use them
Sessions should optionally be able to persist across server restarts (the server stores only a hash of the token in the database, never the raw token itself, obviously). On restart it loads those hashes back, so a leaked copy of the database yields no usable tokens.
Each user has a configurable maximum number of concurrent sessions. When you go over the limit, the oldest session is automatically evicted to make room for the new one.
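Added example (not code from this project): a minimal in-memory session store that follows the rules above, storing only sha256(token), expiring sessions after an idle timeout, refreshing the timer on each authorized request, and evicting the oldest session once a user exceeds the cap. The dict standing in for the database, the `clock` parameter and the timeout/cap defaults are assumptions for illustration.

```python
import hashlib
import secrets
import time

def hash_token(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SessionStore:
    """Constructed in-memory stand-in for the database; it holds only sha256(token)."""
    def __init__(self, idle_timeout=900, max_per_user=3, clock=time.time):
        self.idle_timeout = idle_timeout  # seconds of inactivity before a session dies
        self.max_per_user = max_per_user  # concurrent-session cap per user
        self.clock = clock                # injectable so tests can fake time
        self.by_hash = {}                 # token hash -> {user, created, last_seen}
    def login(self, user):
        """POST /auth/login: evict the oldest sessions over the cap, then mint a token."""
        mine = sorted((h for h, s in self.by_hash.items() if s["user"] == user),
                      key=lambda h: self.by_hash[h]["created"])
        for h in mine[:max(0, len(mine) + 1 - self.max_per_user)]:
            del self.by_hash[h]
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self.by_hash[hash_token(token)] = {"user": user, "created": now, "last_seen": now}
        return token  # raw token goes to the client only, never into the store
    def status(self, token):
        """GET /auth/status: user and expiry time, or None if dead or unknown."""
        s = self.by_hash.get(hash_token(token))
        if s is None:
            return None
        expires_at = s["last_seen"] + self.idle_timeout
        if self.clock() >= expires_at:
            del self.by_hash[hash_token(token)]  # lazily reap idle sessions
            return None
        return {"user": s["user"], "expires_at": expires_at}
    def authorize(self, header):
        """Check an 'Authorization: Bearer <token>' header and refresh the idle timer."""
        scheme, _, token = header.partition(" ")
        if scheme != "Bearer" or not token:
            return None
        info = self.status(token)
        if info is not None:
            self.by_hash[hash_token(token)]["last_seen"] = self.clock()
        return info
    def logout(self, token):
        return self.by_hash.pop(hash_token(token), None) is not None  # POST /auth/logout
    def clear_sessions(self, user):
        """POST /auth/clear-sessions (admin): drop every session of one user."""
        before = len(self.by_hash)
        self.by_hash = {h: s for h, s in self.by_hash.items() if s["user"] != user}
        return before - len(self.by_hash)
```

Persisting across restarts is then just writing `by_hash` out and reading it back; the raw tokens never exist server-side after the login response.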