What would be the best way to check if the user is logged?


#1

So I want to make sure a user is logged so that he can edit some content. I found out about check and getUser with JWT, but each time, I used an old token (1 month old that was saved in Postman), it returned me some data.
My question is: how do I make sure the token belongs to a specific user and is still up to date so that it proves the user has logged in recently?

Thank you in advance


#2

If you will make use of the auth middleware, then it will validate the token for you and set the user property on the auth object.

Regarding the old token, it all depends upon the expiry you have defined for the token. If it was set to 1 year, then 1 month is not old.


#3

I ended up doing this: I created a route that returns “ok” but has the “auth” middleware, and from my front-end, I check whether the response is 200 or 401. 200, the user is logged, 401, he’s not.

Thank you!


#4

I use Persona with the JWT scheme. I make use of refresh tokens that I send in the initial login response. When the regular token expires, the client receives an appropriate 401 response, prompting them to refresh; they do so with their stored refresh token, are issued a new JWT token, and retry their initial request. I invalidate refresh tokens on logout, password reset, etc.

Seems to work nicely.
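The checks discussed in #2 and #4 (signature and expiry validation, refresh, invalidation on logout), as an added example that is not part of the thread and is not AdonisJS or Persona code. It assumes HS256 with a shared secret, a 15-minute access-token lifetime and an in-memory refresh-token store; every function name here is hypothetical.

```javascript
// Added illustration: a minimal HS256 JWT flow in plain Node.js (names are hypothetical).
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side signing secret
const ACCESS_TTL = 15 * 60;               // assumption: short-lived access token, in seconds
const refreshStore = new Map();           // sha256(refresh token) -> user id

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

function issueAccess(userId, now) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: userId, iat: now, exp: now + ACCESS_TTL })}`;
  return `${body}.${sign(body)}`;
}

// Returns the user id the token was issued to, or null (the route answers 401).
// `now` is Unix time in seconds, e.g. Math.floor(Date.now() / 1000).
function verifyAccess(token, now) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(sign(`${h}.${p}`));
  const given = Buffer.from(sig);
  // Signature first: claims are only trusted once the HMAC matches.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  // A token without exp, or past it, is rejected: this is what makes a month-old token fail.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims.sub;
}

function login(userId, now) {
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  refreshStore.set(sha256(refreshToken), userId); // store only a hash of the refresh token
  return { access: issueAccess(userId, now), refreshToken };
}

// Exchanges a still-valid refresh token for a new access token.
function refresh(refreshToken, now) {
  const userId = refreshStore.get(sha256(refreshToken));
  return userId === undefined ? null : issueAccess(userId, now);
}

// Logout or password reset: the refresh token can no longer mint access tokens.
function logout(refreshToken) {
  return refreshStore.delete(sha256(refreshToken));
}
```

The user id returned by `verifyAccess` is what the route compares against the owner of the content being edited.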