javascript node.js express express-session

Sessions in express


This is more of a question than a problem. I wrote the following code to try to authenticate a user:

Code

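const express = require('express');
const router = express.Router();
// Assumes express-session is already mounted on the app, so req.session exists.

router.get('/opskins', (req, res) => {
    // Random state value that the OAuth provider echoes back on the callback.
    // Note: Math.random() is not a cryptographically secure source.
    var randomState = Math.random().toString(36).substr(2, 8),
        auth = 'https://oauth.opskins.com/v1/authorize?client_id=8a890e2cb8ba&response_type=code&state='+randomState+'&scope=identity';

    // Stored in the session that belongs to the browser making this request.
    req.session.state = randomState;

    res.redirect(auth);
});

router.get('/opskins/redirect', (req, res) => {
    var query = req.query;

    // Responses are sent as text/plain so reflected query values are not rendered as HTML.
    if(query.error){
        res.type('text/plain').send('There was an error trying to finish the authentication process. ('+query.error+')');
        return;
    }

    res.type('text/plain').send('Retrieved state: ' + query.state + ', Initiated state: ' + req.session.state);
});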

After watching some videos on sessions I still don't entirely get it. Would the above code function correctly, as in not interfere with someone else's session? The code works, but the user is being redirected and then redirected back, so how come the states still match? (One state is provided as callback and the other I get from the session.)

Would this not interfere with other users trying to login at the same time?


Solution

  • Sessions are associated with a given browser session using cookies.

    Remembering that a session belongs to a browser between multiple requests from that browser, and not mixing them up with sessions belonging to other browsers, is the entire point of sessions.
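
An added example, not code from the question or the answer: it models two browsers logging in at the same time and shows that each callback is checked only against the state stored in that browser's own session. The `Map` standing in for the express-session store, the cookie ids, the `CLIENT_ID` placeholder and the function names are assumptions; the state comes from `crypto.randomBytes` rather than `Math.random()` and is compared and consumed on the callback.

```javascript
const crypto = require('crypto');

// Hypothetical stand-in for express-session's store: session cookie id -> session data.
const store = new Map();

// Return the session object that belongs to the browser presenting this cookie id.
function sessionFor(cookieId) {
  if (!store.has(cookieId)) store.set(cookieId, {});
  return store.get(cookieId);
}

// Start a login: generate an unpredictable state, remember it in this browser's
// session only, and build the authorize URL the browser is redirected to.
function beginAuth(session, clientId) {
  const state = crypto.randomBytes(16).toString('hex');
  session.state = state;
  const params = new URLSearchParams({
    client_id: clientId, response_type: 'code', state, scope: 'identity',
  });
  return 'https://oauth.opskins.com/v1/authorize?' + params.toString();
}

// Handle the callback: the state in the query must equal the one stored in the
// session of the browser making this request. The stored state is single-use,
// and a non-string value (e.g. a repeated ?state= parameter) is rejected.
function checkCallback(session, query) {
  const expected = session.state;
  delete session.state;
  if (typeof expected !== 'string' || typeof query.state !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(query.state);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Two browsers (constructed cookie ids) logging in at the same time.
function demo() {
  const stateOf = (url) => new URL(url).searchParams.get('state');
  const stateA = stateOf(beginAuth(sessionFor('cookie-A'), 'CLIENT_ID'));
  beginAuth(sessionFor('cookie-B'), 'CLIENT_ID');
  // Browser B presents the state that was issued to browser A.
  const crossed = checkCallback(sessionFor('cookie-B'), { state: stateA });
  const stateB = stateOf(beginAuth(sessionFor('cookie-B'), 'CLIENT_ID'));
  return {
    distinct: stateA !== stateB,
    crossed,
    ownA: checkCallback(sessionFor('cookie-A'), { state: stateA }),
    ownB: checkCallback(sessionFor('cookie-B'), { state: stateB }),
    replayA: checkCallback(sessionFor('cookie-A'), { state: stateA }),
  };
}
```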