Session/Cookie Authentication in Flarum

BitForger

Hey!

So I created a custom auth layer for my use case of Flarum and it's been working fine with the usual layers bundled turned off, however I do have a question as to how you are actually doing the cookie/session auth as I need to implement something similar.

So, can you walk me through what happens in the flow that makes essentially a persistent session for the user?

The reason I ask is because currently using sessions to save data has resulted in any time the page reloads the user loses their session data. I've been using the built in symfony way and assumed it'd handle all that for me.

luceos

BitForger Flarum is a SPA, it uses an API token to authenticate the user. Tokens are pretty long lived as they are created when you log in. Once you are inactive for over two weeks the token is invalidated (or if you log out manually). Sessions therefor are only used in the one specific API request. If you want to create something similar in a frontend, use the token; if you want to create something similar as backend, create an API.

I hope that answers the question.