
How to handle API token(s) that expire after time

Software Engineering Asked by Inx51 on January 19, 2021

I’m currently building a facade that’s supposed to be in front of a system we are currently using. This system has its own API, but we have decided to simplify things, and therefore the facade.

However, this system requires the consumer to log in using Forms authentication. Once the consumer has signed in, the system sets two cookies. These cookies are later on used for the authentication and both cookies will eventually expire (after 1800s).

Since I’m building a facade that’s supposed to be consumed by others later on, should I somehow store the cookies that the other system generates for re-use when the same user tries to use my facade, since that seems like a potential safety risk? Or should I simply re-authenticate all requests again as soon as a user uses my facade? This facade will also be load balanced, which complicates things a bit, since I would prefer not to store any tokens in a database, but on the other hand, if I don’t, the tokens won’t be re-used between all the server nodes.

What’s the common practice for a scenario like this? Basically this would be our infrastructure and the “flow” of the request:

[User] -AUTH-> [Facade] -AUTH-> [System]

One Answer

The best and safest option is to reuse the generated tokens. The tokens exist and have an expiration date for some reasons:

  • The user/password is not passed on each request. If someone captures the token, the token expires after 1800 seconds. The password won't.
  • Probably the tokens are more lightweight to validate on every request compared to a user/password authentication.

To store the tokens and reuse them among the servers, you can use a Redis server and not a database to store them. Spring Session uses the same idea to share an HTTP session among the servers.

Also, I could not understand how you plan to re-authenticate all requests without asking the user for the user/password on each request or saving the user/password somewhere. Both options seem a bad idea to me.

Answered by Dherik on January 19, 2021
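The shared-store approach from the answer above, written out as an added example (this is not code from the question, the answer, or Spring Session). It assumes a Redis-style store exposing `setex`/`get` (a constructed in-memory stand-in is used so it runs offline), an upstream login callable that performs the Forms-authentication POST and returns the two cookies, and a 60-second safety margin below the upstream 1800 s lifetime so a facade node never hands out a cookie that expires mid-request. The user's credentials are only passed through to the login call and are never written to the store; the cache key is a hash of the user identifier rather than the identifier itself.

```python
import hashlib
import json
from typing import Callable, Dict, Optional, Tuple

UPSTREAM_TTL_SECONDS = 1800   # from the question: both upstream cookies expire after 1800 s
SAFETY_MARGIN_SECONDS = 60    # assumption: re-authenticate shortly before upstream expiry


class FakeRedis:
    """Constructed stand-in for a shared Redis instance.

    It exposes only the calls this example needs, with the same names and
    argument order as redis-py (setex(name, time, value), get(name), delete(name)),
    so a real client could be swapped in by the caller."""

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock
        self._data: Dict[str, Tuple[str, float]] = {}

    def setex(self, name: str, time_s: int, value: str) -> None:
        self._data[name] = (value, self._clock() + time_s)

    def get(self, name: str) -> Optional[str]:
        item = self._data.get(name)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:     # Redis evicts expired keys; emulate that
            del self._data[name]
            return None
        return value

    def delete(self, name: str) -> None:
        self._data.pop(name, None)


class SessionCache:
    """Per-user cache of upstream session cookies shared by all facade nodes."""

    def __init__(self, store, login: Callable[[Tuple[str, str]], Dict[str, str]]):
        self._store = store
        self._login = login   # performs the upstream Forms-auth login; returns the cookies

    @staticmethod
    def _key(user_id: str) -> str:
        # Hash the identifier so raw usernames do not appear as store keys.
        return "facade:session:" + hashlib.sha256(user_id.encode()).hexdigest()

    def cookies_for(self, user_id: str, credentials: Tuple[str, str]) -> Tuple[Dict[str, str], bool]:
        """Return (cookies, freshly_logged_in). Credentials are used only on a cache miss
        and are never stored."""
        cached = self._store.get(self._key(user_id))
        if cached is not None:
            return json.loads(cached), False
        cookies = self._login(credentials)
        ttl = UPSTREAM_TTL_SECONDS - SAFETY_MARGIN_SECONDS
        self._store.setex(self._key(user_id), ttl, json.dumps(cookies))
        return cookies, True

    def invalidate(self, user_id: str) -> None:
        """Drop the cached cookies, e.g. when the upstream returns 401 or the user logs out."""
        self._store.delete(self._key(user_id))


def run_demo() -> dict:
    """Two facade nodes behind a load balancer sharing one store; a fake clock drives expiry."""
    now = [1_000_000.0]
    login_calls = [0]

    def fake_login(credentials: Tuple[str, str]) -> Dict[str, str]:
        # Constructed stand-in for the upstream login; cookie names/values are made up.
        login_calls[0] += 1
        return {"auth": f"tok-{login_calls[0]}", "session": f"sid-{login_calls[0]}"}

    store = FakeRedis(clock=lambda: now[0])
    node_a = SessionCache(store, fake_login)
    node_b = SessionCache(store, fake_login)
    creds = ("alice", "constructed-password")

    c1, fresh1 = node_a.cookies_for("alice", creds)   # miss: upstream login #1
    c2, fresh2 = node_b.cookies_for("alice", creds)   # hit on the other node via the shared store
    now[0] += UPSTREAM_TTL_SECONDS - SAFETY_MARGIN_SECONDS - 1
    c3, fresh3 = node_b.cookies_for("alice", creds)   # one second before the cache TTL: still a hit
    now[0] += 2
    c4, fresh4 = node_a.cookies_for("alice", creds)   # past the TTL: upstream login #2

    return {
        "upstream_logins": login_calls[0],
        "fresh": [fresh1, fresh2, fresh3, fresh4],
        "shared_across_nodes": c1 == c2 == c3,
        "rotated_after_expiry": c1 != c4,
    }


if __name__ == "__main__":
    print(run_demo())
```

The TTL passed to `setex` is deliberately shorter than the upstream lifetime, so the store forgets a cookie before the upstream system would reject it; the one remaining failure mode (the upstream invalidating a session early) is handled by calling `invalidate` on a 401 and retrying once.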
