Auth Solution
Researching token vs session based auth has been a pain. In my "design" i have two services, an api and a websocket and theres a possibility i will have a third, i need auth on all of these. Session auth seems to be the most basic, it also seems like it would be a pain to deal with as, afaik, you cant share cookies between domains. and everything ive read says you shouldnt store sessions in local storage. im very unsure of token based auth, i can find a lot of articles on it, but not really any that explain it in a way i properly understand. These services will be used in a a spa and mobile app. i would like to be able to logout clients from the server and clients to be able to remotely logout their other devices. could someone give me a good explanation/comparison and help me find the correct solution?
Similar Threads
Was this page helpful?
