I have stumbled across a question "already answered" in some places, but I still have a doubt regarding SESSION_ID.
Here is a very good answer
So basically the idea is that I will have different domains/subdomains:
- accounts.example.com (equivalent to accounts.google.com)
- example.com (equivalent to google.com)
- other-example.com (equivalent to, let's say, youtube.com)
- other-v2-example.com (equivalent to blogger.com (Blogspot))
If I visit example.com, other-example.com or other-v2-example.com and I don't have a session, then I will be redirected to accounts.example.com.
After signing on at accounts.example.com, if I try to access any of the other websites, I will have a session and will be able to access content for that specific user.
The Question
Now, let's suppose I go to example.com, then I compare the credentials of the user against the ones in my DB.
The credentials are correct.
What should I do next?
1. How do I generate the SESSION_ID? What should it contain? (Just a random string like a UUID?)
2. After the SESSION_ID has been generated, how will the API(s) use it to identify a specific user?
3. What would a middleware look like in a Node.js app (Express)?
3.1 Will it constantly need to query the database based on the SESSION_ID?
- Should I create a new table in my DB to store the SESSION_ID that links the user with it? (From my point of view this is what will make it work, but I want to make sure.)
I hope you can help me out with any resources, comments, suggestions, etc.
THANK YOU Very much in advance.