Sessions - robinsr/FantasySlackr GitHub Wiki
The DB will set a session when a user logs in and respond with a session id. Use this session id to validate AJAX requests. I'm thinking the best method for declaring a session id would be in the response authorization header.
The response would be something like:
```
HTTP 200
{
  "session": "00c66aaf5f2c3f49946f15c1ad2ea0d3"
}
```
Sessions will time out after 30 minutes of no activity (no requests made), and the server will respond:
```
HTTP 400
{
  "error": "Invalid username or password"
}
```
Otherwise, if the session is valid, the response will be normal, with no information about the session, and the session timeout will be reset to 30 minutes.
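A sketch of the sliding 30-minute timeout described above, as an added example that is not FantasySlackr's own code. The `SessionStore` class, its method names, the in-memory `Map` standing in for the DB, and the injectable clock are all assumptions made for illustration.

```javascript
// Added example (hypothetical names): sliding 30-minute session timeout.
const { randomBytes } = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // 30 minutes of inactivity, per the page

class SessionStore {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.sessions = new Map(); // session id -> { user, expiresAt }
  }

  // Called after a successful login; returns the response the page describes.
  create(user) {
    const id = randomBytes(16).toString('hex'); // 128-bit CSPRNG id, 32 hex chars
    this.sessions.set(id, { user, expiresAt: this.now() + SESSION_TTL_MS });
    return { status: 200, body: { session: id } };
  }

  // Called on every AJAX request. Unknown and timed-out ids get the same
  // HTTP 400 body, so the reply does not reveal which case occurred.
  validate(id) {
    const entry = typeof id === 'string' ? this.sessions.get(id) : undefined;
    if (!entry || entry.expiresAt <= this.now()) {
      this.sessions.delete(id); // drop expired ids so they cannot be revived
      return { ok: false, status: 400, body: { error: 'Invalid username or password' } };
    }
    entry.expiresAt = this.now() + SESSION_TTL_MS; // activity resets the timeout
    return { ok: true, user: entry.user };
  }
}

// Constructed walk-through driven by a fake clock (milliseconds).
function demo() {
  let t = 0;
  const store = new SessionStore(() => t);
  const { session } = store.create('alice').body;
  t += 29 * 60 * 1000;
  const active = store.validate(session);      // 29 min idle: valid, timer reset
  t += 29 * 60 * 1000;
  const stillActive = store.validate(session); // 58 min after login, still valid
  t += 30 * 60 * 1000;
  const expired = store.validate(session);     // 30 min idle: rejected
  const unknown = store.validate('not-a-session');
  return { session, active, stillActive, expired, unknown };
}
```
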