I'm working on a multi-role Node application which uses express-session, Redis and MongoDB. The application has a primary account under which there can be multiple users from different accounts, with corresponding roles, who can be logged in at one time.
The database has documents with many-to-many relations. When a user is logged in, the session exists for some definite time. I'm using middleware to verify the user for any subsequent requests to the API after they have successfully logged in.
Let's say two users are working with the documents under the same account and their sessions were already created some time before. What's the best practice to verify whether the account still exists for the other user if one user deletes the account?
I see two scenarios:
- Check if the account exists on every request in the middleware. I'm just worried about the load it would put on the database, as every request that comes in would first need the account to be verified as existing or not.
- Instead of verifying in the middleware, check if the account exists when updating the documents. In this scenario I would be putting repeated logic to verify the existence of the account whenever someone tries to find/create/update/delete any document or subdocument that exists within the account.
What do you guys think is the efficient way to implement account existence verification after a session is created? My session collection exists in Redis and my documents in MongoDB.
from Best practice for session verification on consequent requests after login
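
An added example, not part of the original post: the first scenario (checking in the middleware) written as Express-style middleware with a short per-process cache, so most requests skip the database. `createAccountGuard`, `lookupAccount`, `markDeleted` and `req.session.accountId` are assumed names; `lookupAccount(accountId, cb)` stands in for a MongoDB existence query.

```javascript
// Added example. lookupAccount(accountId, cb) is a hypothetical error-first
// callback that reports whether the account document still exists.
function createAccountGuard(lookupAccount, ttlMs = 5000, now = Date.now) {
  const cache = new Map(); // accountId -> { exists, expires }

  function middleware(req, res, next) {
    const accountId = req.session && req.session.accountId;
    if (!accountId) {
      return res.status(401).json({ error: 'not logged in' });
    }

    // Fresh cache entry: decide without touching the database.
    const hit = cache.get(accountId);
    if (hit && hit.expires > now()) return decide(hit.exists);

    lookupAccount(accountId, (err, exists) => {
      if (err) return next(err); // fail closed: no request is served on a lookup error
      cache.set(accountId, { exists: Boolean(exists), expires: now() + ttlMs });
      decide(Boolean(exists));
    });

    function decide(exists) {
      if (exists) return next();
      // The account is gone: destroy this user's session so the cookie stops working.
      req.session.destroy(() => {
        res.status(401).json({ error: 'account deleted' });
      });
    }
  }

  // Call from the delete-account handler so this process rejects at once.
  // Other processes keep serving the account until their entry expires
  // (at most ttlMs), which is the price of not querying on every request.
  middleware.markDeleted = (accountId) => {
    cache.set(accountId, { exists: false, expires: Infinity });
  };

  return middleware;
}
```

Because the check lives in one middleware, the individual find/create/update/delete handlers need no existence logic of their own; `ttlMs` bounds how long a deleted account stays usable in a process that did not handle the deletion.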