This light project demonstrates the use of Redis as a full auth technique. It uses UUID v4 to assign a random session string, as opposed to using JWT, and keeps track of all sessions by a single user from one or multiple devices, as well as multiple users.
- ExpressJs
- MongoDB
- Redis
- Simple signup with username, email & password
- Login
- Protected route authentication
- Logout single user instance (i.e. from a single device)
- Logout all user instances (on all previously logged-in devices)
The simple approach I used was to keep track of all sessions in 2 ways:
- Map each instance string to the serialized user details
- Keep track of all sessions belonging to a single user with a set, with the user's email as key and the session strings as values; add each new session string generated for the user to the set when they log in on other devices
On login:
- Confirm the user's email and password, then store the session as a Redis string with the session string as key and the serialized user details as value
- Create, if it does not exist, a set (the sibling of list) and add the session key to it; add more session keys as the user logs in from other devices

On logout from a single device:
- Delete the key with the session string corresponding to this instance
- Remove the session string from the user's set of session strings

On logout from all devices:
- Fetch the set of keys belonging to the user
- Delete all the keys
- Delete the set holding the keys
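
The login, single-device logout and logout-from-all-devices steps above, as one runnable sketch. This is an added example, not the project's own code: `FakeRedis` is a constructed, synchronous in-memory stand-in for the Redis commands involved, and the function names are illustrative.

```javascript
const { randomUUID } = require('node:crypto');

// Constructed in-memory stand-in for the Redis commands the scheme uses
// (SET, GET, DEL, SADD, SREM, SMEMBERS). A real client is asynchronous,
// so each call in the functions below would be awaited.
class FakeRedis {
  constructor() { this.strings = new Map(); this.sets = new Map(); }
  set(key, value) { this.strings.set(key, value); }
  get(key) { return this.strings.get(key) ?? null; }
  del(...keys) { for (const k of keys) { this.strings.delete(k); this.sets.delete(k); } }
  sadd(key, member) { this.sets.set(key, (this.sets.get(key) || new Set()).add(member)); }
  srem(key, member) { const s = this.sets.get(key); if (s) s.delete(member); }
  smembers(key) { return [...(this.sets.get(key) || [])]; }
}

// Call only after the email and password have been verified.
function login(redis, user) {
  const sid = randomUUID();                 // UUID v4 session string
  // Serialize only what routes need; keep the password hash out of the session.
  redis.set(sid, JSON.stringify({ username: user.username, email: user.email }));
  redis.sadd(user.email, sid);              // per-user set of session strings
  return sid;
}

// Protected-route check: an unknown or deleted session string yields null.
function authenticate(redis, sid) {
  const raw = sid ? redis.get(sid) : null;
  return raw ? JSON.parse(raw) : null;
}

// Logout of one instance: drop the session key, then its entry in the user's set.
function logout(redis, sid) {
  const user = authenticate(redis, sid);
  if (!user) return false;                  // unknown or already logged out
  redis.del(sid);
  redis.srem(user.email, sid);
  return true;
}

// Logout everywhere: delete every session key, then the set that tracked them.
function logoutAll(redis, email) {
  const sids = redis.smembers(email);
  if (sids.length) redis.del(...sids);
  redis.del(email);
  return sids.length;                       // number of sessions revoked
}
```

Because every request resolves the session string against Redis, a logout takes effect on the next request from that device.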
With ❤️ by Abdullah