# Creating a session cookie with astro.cookies


gentle yoke

I'm currently trying to implement my own authentication with the crypto module and astro.cookies.
As of right now in my login api route, it compares the password in the request with the hashed password stored in my db. Now I want to create a session and store it as a cookie on the client but I'm unsure of how that works. How should I create a session and store it in my postgres db?
This is my current code: https://sourceb.in/kdU2sEmtAr

Can I just generate a random string as session id and store that in my database with the userid and in the cookie? If so how would I make my database automatically delete the row when the maxAge is hit?

supple raven

When it comes to authentication and sessions, there could be numerous ways it could go wrong. To make your path easier, it could be helpful to take a working reference for the whole process and then compare it side by side with your project. What I did is I went with the safe path of using expressjs and passportjs on top of Astro SSG. You can see the express server in this directory: https://github.com/MicroWebStacks/astro-big-doc/tree/main/server
The "session" is a browser concept that guarantees that authentication does not leak from one session to another but stays valid across pages of the same session.

dire scarab
gentle yoke

@supple raven @dire scarab Thank you guys! I've already done my authentication system and for the cookies I generated a session ID which I put into the database and in the cookie. Whenever someone tries to open the site it checks if the sessionID in the cookie is in the database.
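
An added example of the approach described in the thread (random session ID in the cookie and in the database, checked on every request); it is not code from any poster. It assumes an in-memory `Map` standing in for the Postgres table, hypothetical column names, and a constructed 7-day lifetime. Expiry is handled by storing an expiry timestamp with the row, rejecting expired rows at lookup, and purging them periodically.

```javascript
// In an Astro (ESM) project use: import crypto from "node:crypto";
const crypto = require("node:crypto");

const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // constructed value: 7 days

// Stand-in for a Postgres table (hypothetical columns: id_hash, user_id, expires_at).
const sessions = new Map();

// Store only a hash of the ID, so a leaked table cannot be replayed as cookies.
const hashId = (id) => crypto.createHash("sha256").update(id).digest("hex");

function createSession(userId, now = Date.now()) {
  const id = crypto.randomBytes(32).toString("base64url"); // 256 bits from the CSPRNG
  sessions.set(hashId(id), { userId, expiresAt: now + SESSION_TTL_MS });
  // cookieOptions can be passed to Astro.cookies.set(name, id, cookieOptions).
  const cookieOptions = {
    httpOnly: true, // not readable from page JavaScript
    secure: true, // sent over HTTPS only
    sameSite: "lax",
    path: "/",
    maxAge: SESSION_TTL_MS / 1000, // seconds, matches the server-side expiry
  };
  return { id, cookieOptions };
}

// Returns the user id, or null for unknown, malformed or expired sessions.
function validateSession(id, now = Date.now()) {
  if (typeof id !== "string" || id.length === 0) return null;
  const key = hashId(id);
  const row = sessions.get(key);
  if (!row) return null;
  if (row.expiresAt <= now) {
    sessions.delete(key); // expired: the server decides, not the cookie's maxAge
    return null;
  }
  return row.userId;
}

// Periodic cleanup; in SQL this is a DELETE ... WHERE expires_at <= now().
function purgeExpired(now = Date.now()) {
  let removed = 0;
  for (const [key, row] of sessions) {
    if (row.expiresAt <= now) {
      sessions.delete(key);
      removed += 1;
    }
  }
  return removed;
}
```

The cookie's `maxAge` only tells the browser when to drop the cookie; the `expiresAt` check in `validateSession` is what actually ends the session, so it still holds if a client keeps sending an old cookie.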