Type of authentication when using HTTP and websockets

60 views Asked by At

I have a website where I am using regular HTTP API requests and a websocket authenticated connection for realtime data.

I am using token authentication for API requests, authenticating websocket connection upon connection via header token.

I would however still like to somehow uniquely identify a "session", if a user was using the same token on two machines. Do I save a random string generated upon login along with the authentication token, to uniquely identify a session?

Or did I go about this the wrong way and is token authentication really just not appropriate for my case?

Because token authentication is just so much easier to implement on the frontend, as I am using React.

0

There are 0 answers