What is SessionID and how to "implement it" in SSO

I have stumbled across a question "already answered" in some places, but I still have a doubt regarding SESSION_ID.

Here is a very good answer

So basically the idea is that I will have different domains/subdomains:

  1. accounts.example.com (Equivalent to accounts.google.com)

  2. example.com (Equivalent to google.com)

  3. other-example.com (Equivalent to let's say: youtube.com)

  4. other-v2-example.com (Equivalent to blogger.com (Blogspot))

  5. If I visit example.com, other-example.com, other-v2-example.com and I don't have a session then I will be redirected to accounts.example.com

  6. After signing on at accounts.example.com and try to access any of the other websites then I will have a session and will be able to access content for that specific user.

The Question

Now, let's suppose I go to example.com, then I compare the credentials of the user against the ones in my DB.

The credentials are correct.

What should I do next?

  1. How do I generate the SESSION_ID? What should it contain? (Just a random string like a UUID?)

  2. After the session_id has been generated, how will the API(s) use it to identify a specific user?

  3. How would a middleware look in a node.js app (express)?

     3.1 Will it constantly need to query the database based on the SESSION_ID?

  4. Should I create a new table in my db to store SESSION_ID that links the user with it? (From my point of view this is what will make it work, but I want to make sure.)

I hope you can help me out with any resources, comments, suggestions, etc.

THANK YOU Very much in advance.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
