0D50Z00008C3jZ3SAJ | Okta Classic Engine | Integrations | Answered | 2024-04-16T10:29:15.000Z | 2017-09-05T02:13:45.000Z | 2018-03-13T00:07:08.000Z
What is the best practice to validate sessionToken without having to recreate a new sessionId each time?

I would like to validate the user upon every API request, and I believe this means making a GET request to https://{{url}}.oktapreview.com/api/v1/sessions/{{sessionId}}. However, I think it is unsafe to store the sessionId on the client side (i.e. a cookie), and we are trying to avoid having to store anything server-side, so I'm wondering if there is some built-in way to validate sessionTokens. Does anyone know the proper protocol for validating a user that has a client-side sessionToken that we pass to the server each request?

Would this require us to store the sessionId on the server somewhere (i.e. database or memory), associated with the given sessionToken?

 

Thank you,

Ryan


This question is closed.