-
Notifications
You must be signed in to change notification settings - Fork 426
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refresh session cookies #194
Comments
Any news on this? |
2023 and still nothing...whats firebase doing |
I have the same issue, I found a kind of solution but I'm not sure it is secure enough and I'm not sure is a valid way, I never tried this in prod but just play with it locally but, maybe it can help:
I use this in a refresh endpoint so you call that whenever you want to refresh the cookie |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to set the session lifetime for the client to 6 hours. And if the user logged in and did not take any action during this time, then log out him and redirect him to the login page. But if the user has been making requests to the server with a valid token for 6 hours, I would like to update this token and start the token lifetime again.
If I follow the instructions according to the firebase session cookies documentation found here https://firebase.google.com/docs/auth/admin/manage-cookies?hl=en
I can generate the session token on the server in exchange for a idToken and return the session ID to the client as a cookie. And after that we only use the session token between client and server as cookie, We can also check if the session has expired using verifySessionCookie.
but i can't figure out a way of refreshing the session cookie without telling the user to sign in again.
could you help me understand how this can be implemented?
The text was updated successfully, but these errors were encountered: