Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[SOLVED] How to create a session server-side?

  • 0
  • Self Hosted
  • Accounts
  • Functions
View on Discord
D3str0y3d255
15 Jun, 2023, 08:12

I noticed I cant find anything for createEmailSession() from the server-side dart SDK,

Is it possible to create a session for the user from server-side? If so what is the difference in security between that and doing so client side?

is there ever a case where you'd want to create a Session from a server-side function? Other than in the case of using another platform to take care of part of the work?

when using createEmailSession() from client side is there any issues I need to be aware of, or security risks? Would it be the most advised way to go about creating sessions?

TL;DR
The user wants to know if it is possible to create a session server-side and the difference in security compared to client-side. Other users suggest that it is easiest to create sessions client-side using cookies. They also mention that managing sessions server-side depends on the technology being used. One user suggests that creating a session server-side would be redundant and not more secure. There is no specific solution provided in the thread.
Nevus
15 Jun, 2023, 09:16

ig there isn't much use of generating a session-side session because sessions are for verifying a user and there's no concept of user in the backend. server-side sdk's work using api keys and api keys have access to everything.

D5
15 Jun, 2023, 10:07

That's not available server sided because the session is stored locally in the user's end (a session cookie is saved). Also it's logged server sided and the session is recorded too server sided, and in fact you can control all sessions a users has.

D5
15 Jun, 2023, 10:08

You should not worry about security since behind the scenes what you're doing is login the users in the server (sending the credentials to the sevrer, etc)

D3str0y3d255
15 Jun, 2023, 10:08

gotcha! so a server-side function to authenticate the users login credentials (to create a session) would be redundant while not being any more secure?

D5
15 Jun, 2023, 10:09

Will be useless, and will do exactly the same as calling createEmailSession() but overcomplicated and without any improvements regarding security

D3str0y3d255
15 Jun, 2023, 10:10

gotcha! thank you both so much for your answers!

D5
15 Jun, 2023, 10:11

As said, what createEmailSession() does behind the scenes is triggering and creating a session that is being previously authorized and saved server-sided

D5
15 Jun, 2023, 10:11

@D3str0y3d255Can I mark this as solved?

D3str0y3d255
15 Jun, 2023, 10:12

yes please! Thank you again for your assistance!

D5
15 Jun, 2023, 10:12

[SOLVED] Appwrite Server-side Function questions

Drake
15 Jun, 2023, 16:29

[SOLVED] How to create a session servier-side?

Drake
15 Jun, 2023, 16:29

[SOLVED] How to create a session server-side?

Drake
15 Jun, 2023, 16:31

as others have mentioned, it's easiest to create sessions client side since we use cookies and the browser handles all that automatically.

Technically, you can create sessions server-side...but you'd have to manage the session yourself and how you do that varies with what technology you're using

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more