Session token - MSUTashkent/RoomServer GitHub Wiki

Temporary user-session key for logged-in users. When a user passes through /auth, a record is created in the DB and associated with that user.

Because the server is RESTful, it keeps no state, so user sessions are managed with session tokens. When a user is successfully authenticated, they get a temporary session token (a hash value unique to each user), and this session token is used to manage the user's access rights, user info (e.g. name), etc. The token is deleted when the user logs out or when it is outdated (the expiration date has passed).

At a minimum, the DB record should contain:

  • value : String, //hash value
  • user_id : Integer, //the foreign key to the users table
  • created : DateTime, //date of creation
  • expiration-date : DateTime, //date of expiration of the token

If the token is expired, the user gets an error. When the user gets a new token, the previous one is deleted.
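
The lifecycle described above (issue on /auth, replace the previous token, reject and delete on expiry, delete on logout), as an added example that is not RoomServer's own code. Assumptions: SQLite storage, a one-hour lifetime, a random token whose SHA-256 digest is what goes in `value`, the column spelled `expiration_date`, and the hypothetical function names used here.

```python
import hashlib
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

TTL = timedelta(hours=1)  # assumed lifetime; the wiki does not specify one

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE session_tokens (
        value TEXT PRIMARY KEY,            -- hash value
        user_id INTEGER NOT NULL UNIQUE,   -- one live token per user
        created TEXT NOT NULL,
        expiration_date TEXT NOT NULL)""")
    return db

def _digest(token):
    # Assumption: only the digest is stored, so a DB leak exposes no usable token.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, user_id, now=None):
    """Call after a successful /auth; replaces the user's previous token."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)  # CSPRNG output, never derived from user data
    with db:  # delete + insert commit together
        db.execute("DELETE FROM session_tokens WHERE user_id = ?", (user_id,))
        db.execute("INSERT INTO session_tokens VALUES (?, ?, ?, ?)",
                   (_digest(token), user_id, now.isoformat(), (now + TTL).isoformat()))
    return token

def validate_token(db, token, now=None):
    """Return the user_id for a live token; raise PermissionError otherwise."""
    now = now or datetime.now(timezone.utc)
    row = db.execute(
        "SELECT user_id, expiration_date FROM session_tokens WHERE value = ?",
        (_digest(token),)).fetchone()
    if row is None:
        raise PermissionError("unknown session token")
    if datetime.fromisoformat(row[1]) <= now:
        logout(db, token)  # outdated tokens are deleted, not just refused
        raise PermissionError("session token expired")
    return row[0]

def logout(db, token):
    """Delete the token record; deleting a missing token is a no-op."""
    with db:
        db.execute("DELETE FROM session_tokens WHERE value = ?", (_digest(token),))
```
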