iedan Comments - Answer Overflow

iedan

•Created by iedan on 4/28/2025 in #help

Is it possible to get the user id from the cookie without having to verify to user and hit the DB?

That works fine for user sessions but not really for api keys. Unless you're suggesting to use JWT for both... But then you can't get the immediately revoked behavior of API keys when deleting them

6 replies

BABetter Auth

•Created by iedan on 4/28/2025 in #help

Is it possible to get the user id from the cookie without having to verify to user and hit the DB?

The easier thing is just to do the validation yourself in this case I think... What I ended up doing was just getting the sessionToken / apiKey and sending that in my request to the DB. Then I would just join in the user id in my query so that I didn't have to make the extra trip... This is what that looks like for me:

const cookie = getSessionCookie(request.headers);

const sessionToken = cookie?.split('.')[0] ?? null;
const apiKey = request.headers.get('x-api-key');

// send sessionToken and apiKey to the server and get the userId by joining on the session and apikey tables

const cookie = getSessionCookie(request.headers);

const sessionToken = cookie?.split('.')[0] ?? null;
const apiKey = request.headers.get('x-api-key');

// send sessionToken and apiKey to the server and get the userId by joining on the session and apikey tables

6 replies

Gaming

Programming