Question about persistent user session

Develephant · April 22, 2018, 3:23pm

Hi,

If you just wanted to implement something simple here is one example:

Server-side API

local api = core.api() function api.encryptSession( input ) local crypto = require("crypto") local sessionSecretKey = "1282a8d89b4d2ae466667b1e6e5f846183feb2c6405408a843a04cd7e1b706be" local sessionId = crypto.encrypt("aes256", input.user\_id, sessionSecretKey) sessionId = core.encode.b64(sessionId) return { session\_id = sessionId } end function api.decryptSession( input ) local crypto = require("crypto") local sessionId = core.decode.b64(input.session\_id) local sessionSecretKey = "1282a8d89b4d2ae466667b1e6e5f846183feb2c6405408a843a04cd7e1b706be" local userId = crypto.decrypt("aes256", sessionId, sessionSecretKey) return { user\_id = userId } end return api

Your client-side calls would look something like:

--# Encrypt local function onEncryptSession(e) if (e.result.session\_id) then local sessionId = e.result.session\_id -- Store the sessionId to a file (not shown) end end core.api.encryptSession({user\_id="\<user-id\>"}, onEncryptSession) --# Decrypt local function onDecryptSession(e) if (e.result.user\_id) then print(e.result.user\_id) -- the users id end end -- Get the sessionId from stored file (not shown) core.api.decryptSession({session\_id=sessionId}, onDecryptSession)

core.encode/decode is an internal api that isn’t documented at this time.

-dev

Develephant · April 22, 2018, 3:28pm

Hi,

You could pass up some extra items from the device (id or something) to customize the sessionSecretKey even more.

-dev

Benzeliden · April 22, 2018, 4:43pm

Thanks, I will implement something like this

Just not sure if asking for permissions to retrieve deviceId on android worth it

anaqim · April 22, 2018, 5:27pm

cant have your cake and eat it mate

Develephant · April 22, 2018, 7:08pm

Good point. I didn’t think about that.

-dev