How do I implement a keep me logged in feature?


When the user checks the checkbox, it should keep him logged in. Has anyone implemented something like this? I’m using Xano as my backend. Thank you in advance!

It requires a refresh token function, which the Xano plugin currently doesn’t support. I have submitted a feature request with the WeWeb team previously. Was told they are discussing with the Xano team as it requires a snippet on their end.

1 Like

I heard of some people tapping into Xano’s internals and actually refreshing the token, but it definitely wasn’t native to Xano. I think one of them was @kjb

1 Like

hi @Equipe-Cavinatti ,

I found the Xano LLM support agent to be extremely helpful. It provides detailed guides and helps a lot. So I asked about this particular issue:

2 Likes

Thank you guys! I’ll try. If I don’t come back, it’s because it worked :rofl:

1 Like

Hi Batik, I found your solution really helpful, but in step 2 I can’t figure out how to do it. Do you have an email where we can talk? Mine is equipecavinatti@gmail.com

sent you an email

hey @Equipe-Cavinatti ,

I decided to paste here my email to you. Maybe it will be helpful for someone.

This is a function stack example I created:

1. Action 2.2. Add Record In session:

2. Action 2.3 Create Authentication Token (authToken):

3. Action 2.4. Create authentication token (refreshToken):

4. Action 2.5. Add Record In refresh_tokens:

The response processing of this endpoint should be:

  1. return authToken to frontend
  2. store refreshToken in secure HTTP-only cookie (as far as I know, WeWeb doesn’t allow this)
  3. store session_id in frontend storage (local storage or a cookie)

After that, you need to create another “refresh endpoint”, which should receive the following as input data:

  1. session_id from local storage or a cookie
  2. refreshToken from secure HTTP-only cookie

Then it should validate that the session exists and hasn’t expired, and generate a new auth token.

You can also store the token expiration timestamp in your frontend to be able to implement a proactive approach (to refresh authToken preemptively).

P.S. I may be wrong, but without a secure HTTP-only cookie this token-refreshing approach doesn’t make a lot of sense compared to enlarging authToken expiration itself.

It may be more useful in terms of session management, but not in terms of security. That’s my assumption. Maybe someone can confirm or deny this.
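
The login and refresh endpoints described in the post above, sketched as an added example in Node.js; it is not part of the thread and is not Xano or WeWeb code. The function names, the in-memory maps standing in for the `session` and `refresh_tokens` tables, the lifetimes, and storing only a hash of the refresh token are all assumptions.

```javascript
// Added example: in-memory stand-ins for the "session" and "refresh_tokens" tables.
const crypto = require("node:crypto");

const AUTH_TTL = 15 * 60;              // assumed: 15-minute authToken (seconds)
const SESSION_TTL = 30 * 24 * 3600;    // assumed: 30-day "keep me logged in" session
const SECRET = crypto.randomBytes(32); // demo signing key, regenerated on every run
const sessions = new Map();            // session_id -> { userId, expiresAt }
const refreshTokens = new Map();       // session_id -> SHA-256 of refreshToken

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Short-lived signed token: base64url(payload) + "." + HMAC-SHA256(payload).
function signAuthToken(userId, now) {
  const payload = JSON.stringify({ sub: userId, exp: now + AUTH_TTL });
  const body = Buffer.from(payload).toString("base64url");
  const mac = crypto.createHmac("sha256", SECRET).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Login endpoint: add the session record, create both tokens, add the refresh_tokens record.
function login(userId, now) {
  const sessionId = crypto.randomUUID();
  const refreshToken = crypto.randomBytes(32).toString("base64url");
  sessions.set(sessionId, { userId, expiresAt: now + SESSION_TTL });
  refreshTokens.set(sessionId, sha256(refreshToken)); // only a hash is kept server-side
  return { authToken: signAuthToken(userId, now), refreshToken, sessionId };
}

// Refresh endpoint: the session must exist, be unexpired, and match the presented refreshToken.
function refresh(sessionId, refreshToken, now) {
  const session = sessions.get(sessionId);
  const stored = refreshTokens.get(sessionId);
  if (!session || !stored) return { ok: false, error: "unknown session" };
  if (now >= session.expiresAt) {
    logout(sessionId); // expired sessions are removed so they cannot be retried
    return { ok: false, error: "session expired" };
  }
  if (!crypto.timingSafeEqual(stored, sha256(String(refreshToken)))) {
    return { ok: false, error: "bad refresh token" };
  }
  // expiresAt lets the frontend refresh proactively, before the authToken lapses.
  return { ok: true, authToken: signAuthToken(session.userId, now), expiresAt: now + AUTH_TTL };
}

// Logout or revocation: deleting both records ends the session before its expiry.
function logout(sessionId) {
  refreshTokens.delete(sessionId);
  return sessions.delete(sessionId);
}
```

Because the session and refresh token live in server-side records, `logout` can end a session at any time, which a longer-lived authToken alone does not allow.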