Home / Companies / GitHub / Blog / Post Details
Content Deep Dive

Modeling your App's User Session

Blog post from GitHub

Post Details
Company
Date Published
Author
Joshua Peek
Word Count
532
Company Posts That Month
17
Language
English
Hacker News Points
-
Post removed?
No
Summary

GitHub recently updated its session management system to enhance security and functionality by addressing the limitations of using signed cookies for sessions, which are vulnerable to replay attacks and lack revocation capabilities. The new approach involves a hybrid method that incorporates a UserSession class as a first-class domain concern, offering a more transparent and manageable session handling process. This class, implemented as a normal ActiveRecord class, allows for features such as manual revocation, sudo mode tracking, and detailed session information accessible on the active sessions page. The transition to this new system was seamlessly executed over a month, during which both the old and new session systems operated concurrently, allowing users to switch without disruption. The improvements have clarified and enhanced GitHub's authentication logic, providing new possibilities for server-side data management.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Serverless 1 No monthly metrics for this publish month.
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.