Current section: User Sessions 5 exercises

Secure Cookie Session Storage

Loading solution


00:00 So, this is going to be a util and that's going to be session.server.ts and it's pretty similar to our toast session storage, so I'm going to copy this and paste it right here. We're going to export this and we're going to call it simply session storage.

00:16 It'll be create cookie session storage from RemixRunNode and then the name of this one, it's got to be different. We can't have two session storages competing for the same name, so we're going to call this en session, that's en for epic notes, and then same site and path and HTTP only,

00:33 all this stuff is perfectly fine and so yeah, that's actually, that's it. We have all the config that we want for a secure place to store our user information. Now I say it's a secure place to store it, that does not mean that it will be secret. Just because we have these secrets doesn't mean that the contents of what's in this cookie

00:53 will be secret from the user. But it won't be accessible by our client-side JavaScript and we are going to sign it so that it will be protected so like users can't just make their own sessions themselves. We are the only ones who can make that and it will be secure on HTTPS.

01:12 So we're all good here.