Sessions

Sessions represented an authenticated user session to allow requests to our proxy api router. For this we utilize a system of Session Tokens via cookies.

Before sending requests to the proxy api, the user needs to call the authentication route admira/v1/auth for an authentication handshake to verify if the user has a valid session token or return a new one, via the cookies. Before creating a new one, a session nonce created for the frontend application is expected and required.

Each token is 43 characters long, and kept in a specific sessions table together with some basic information like the IP and User Agent used to request a new session.

The token is returned/validated in the Admira-Session-Token cookie and the cookie is valid for 1 day.