Sonolus-Session-Data
Sonolus-Session-Data
specifies the current session data.
Syntax
Sonolus-Session-Data: <value>
Value contains:
type SessionData = {
address: string
userProfile: UserProfile
}
Which is AES-CBC-256 encrypted with key and IV associated with the session, and then base64 encoded.
Examples
Sonolus-Session-Data: ...
Remarks
Sonolus-Session-Id
must also present.
Using session id specified by Sonolus-Session-Id
, server can look up information (key, IV, and expiration) associated with the session. Server must first verify that the session has not expired, then use key and IV to decrypt session data.
Once decrypted, server must first verify that address
is allowed, then allow or reject the request depending on userProfile
.