Replies: 1 comment 1 reply
-
|
I have a production site going live in about a week I've been working on in this stack. I read a couple different popular ways to implement it and decided upon one. Its the first to require browser/anonymous sessions so I wanted to give it some time to tweak before I put it in the stack - because I also refactored the auth toolchain of the stack to accomodate rbac, machine tokens, and different forms of validation much easier. To answer your question though, I used lucia's toolchain to facilitate in the implementation but its actual implementation is completely separate from Lucia's database adapter. It uses a different cookie I haven't had a need to track anonymous users but if someone can give me a good use case and I find myself wanting it in my apps, then i might add it. The browser session tracking is primarily driven as a better more accurate way to rate limit rather than on IP. |
Beta Was this translation helpful? Give feedback.
-
|
Just an update. The method I used was between tracking sessions and browser fingerprints. After trying both in production - i've decided to continue with cookies to track sessions for two reasons 1) friendlier on mobile 2) each fingerprint analysis adds ~50ms to each network request and I didn't like that one bit. I'll push my changes this weekend probably. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I was wondering if anyone had ideas of how to implement anonymous sessions in this stack? I know the maintainer stated they are creating anonymous sessions for users in their private version of the repo and that Lucia doesn't really support this given the discussion going on here: lucia-auth/lucia#1475
Would the solution be to implement Lucia's methods manually without the user for anonymous and then Lucia for authenticated sessions? Thanks!
Beta Was this translation helpful? Give feedback.
All reactions