Answer the question
In order to leave comments, you need to log in
Does it make sense to check the presence of a user in the database when the secret key is unknown outside?
Hello, I have implemented an authentication system through cookies. Upon login, a token is generated for the user and stored with the key. When a user enters a page that should deny login to users who are not already logged in, you need to redirect or take some other action.
Here's what the code looks like:
authorization = False
cookie_key = request.cookies.get(self.cookie_key)
try:
jwt.decode(cookie_key, self.secret, self.algorithm)
authorization = True
except jwt.exceptions.DecodeError:
pass
return authorization
payload = jwt.decode(cookie_key, self.secret, self.algorithm)
username = payload.get['sub']
user = db.get(username)
if not user:
pass
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question