Authentication and Permission Check with Middleware

[samirj12]

Hi there, I'm facing a bit of a challenge in my project, and I'd appreciate some guidance.

1. User Authentication and Session Management: I'm working on implementing user authentication in my project using JWT tokens stored in cookies. My goal is to automatically log out inactive users after 15 minutes of inactivity (including closing the browser tab). This would require them to log in again to regain access.

2. Permission-Based Access Control: Additionally, I want to control access to specific pages based on user permissions. Unauthorized users wouldn't be able to view such pages.

While I'm unsure about the exact implementation details, I believe middleware could play a key role in achieving this functionality. Could anyone offer some insights or point me towards resources that can help me solve these challenges?

[aomini]

Middleware can be used in your case as

• Check if the user has cookie or not
• Check to see if the user has active session if not redirect to login page
• Can be used to fetch the authenticated user permission & based on that check authorization for protected pages.
• Update session for the authenticated user server side

[zhoupb01]

Hi there,

I have the same question.

Have you solved it?