faustinoaq changed the topic of #amber to: Welcome to Amber Framework community! | https://amberframework.org | Developer happiness, productivity and bare metal performance | GH: https://github.com/amberframework | Docs: https://docs.amberframework.org | Gitter: https://gitter.im/amberframework/amber | IRC Logger: https://irclog.whitequark.org/amber | Amber::Server.start
feepbot has quit [Remote host closed the connection]
feepbot has joined #amber
<FromGitter> <elorest> @alex-lairan In most cases I'd seriously recommend using encrypted sessions instead of JWT's if you have have control of both the client and api. See discussion above. https://gist.github.com/elorest/96b2636ab59fd57798fe5c301bd34449
<FromGitter> <alex-lairan> Thanks @Blacksmoke16 @elorest ⏎ ⏎ No I don't have control of the front end :( ⏎ ⏎ I had an idea, when a login is performed, I set in redis a secure random key with an expiration of 5 minutes. ... [https://gitter.im/amberframework/amber?at=5cad9ccabd70a40d5f26951c]
<FromGitter> <drum445> @elorest Amen, you see so many people forcing the usage of JWT's when a cookie based session would work a lot better.
<FromGitter> <alex-lairan> @elorest I don't understand the goal of this line : `session[%w(a b c d e f g h i j k l m n o p).sample] = Time.now.to_s` ^^
feepbot has quit [Ping timeout: 246 seconds]
feepbot has joined #amber