#barney-laurance_best-practices

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1280931927481647196

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Storing in cookies is fine. As long as it doesn't persist beyond the session

Our site doesn't use any backend session - instead we issue a JWT from the backend identity provider and store it in a session cookie. So given @dim osprey answer I saw after typing the first half looks like it will make sense to add the client secret as a claim in this JWT.

Thanks

@dim osprey do you know how long the customer sessions generally last, if there are any guarantees or if we have any control of that? We are setting our JWTs to expire after 8 hours.

30 minutes should be the expiration time as far as I know

@dim osprey thank you, looks like I'll have to keep it somewhere other than our 8 hour JWT then. Going to try and find good place for it tomorrow.