[jwtSession] Moving session cookies to your browser

Hello friends!

Did you wonder how sessions work in MODX? Every time someone visits the site, PHP generates a unique id for it and stores it in a PHPSESSID cookie. At the same time, an modSession record is created in the database with this id and the contents of the current session.

Each time a request is submitted, a cookie with id is sent to the site, and MODX makes a request to the database, loads the session, and then saves the changes to it. At least 2 queries to the database every time.

What does JWT offer us? Abandon all these actions on the server, and give everything you need right away in one token. It can be stored in cookies or in the browser’s local storage. And then, upon request, a user session will be created from it. Accordingly, we throw out work with the database and do not store user sessions on the server at all.

Of course, the question immediately arises — what will happen if the user fakes such a session? JWT standard will not allow it. Tokens can be read, but not changed, because they are all signed by a reliable algorithm with a key on a server that the user does not know. This is a theory, and now we proceed to practice in MODX.
Василий Наумкин
24 march 2019, 18:56

MODX Digest #1 (February 25 - March 11, 2019)

Fresh news about MODX.

In the release: icons for content types, refactoring of the 3.x branch from Jason, work on new documentation, thanks to the author on modx.pro and video presentations from all MODX-events hosted in Minsk, Belarus. Enjoy reading!

Иван Климчук
18 march 2019, 12:11

Thanks to the author

Hello, my friends!

Yesterday, the Habr announced thanks to Habr's authors, and I thought — why are we worse?

From today, you can specify details for payment services in your settings, and immediately after that you will have a button in your profile and in topics, next to the name. So far, I added these services:
  • Paypal
  • Donation Alerts
  • WebMoney
  • Yandex.Money
  • Qiwi
Василий Наумкин
28 february 2019, 16:11

MODX Meetup Moscow '18

Moscow! It has been on our Meetup-location wish-list for years now. The Russian MODX community is huge and now is finally the time for a meetup in the Russian capital: Moscow!

The people behind the well-known modstore.pro and modhost.pro websites organised the meetup: a wonderful location, speakers and live-translation. This was the second time we got live-translation during a meetup (Minsk 2017) was the first time and it works perfect! Russian and English speaking people in one audience.

Gauke Pieter Sietzema
10 october 2018, 14:56