A question about session (conceptually)

Hi, I’m creating a server which accepts an HTTP-only session cookie; it contains the user’s email. Is it okay for me to rely on that?

For example, a user requests to delete a post. My server only checks whether the post’s author email is equal to the session’s email.

Should I always verify the session in the DB?
If yes, isn’t it time-consuming?

Any insight would be appreciated 🙂
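The check described in the post, as an added example that is not part of the original post: HttpOnly only hides the cookie from page JavaScript, so the email in it can be trusted only if the server can verify it issued that value. This sketch assumes an HMAC-signed cookie; the secret, the lifetime, the cookie layout and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Assumptions for this sketch: a server-side secret and a one-hour lifetime.
SECRET_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 3600


def _mac(payload: bytes) -> bytes:
    digest = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)


def issue_session_cookie(email: str, now: int) -> str:
    """Cookie value = base64("email|issued_at") + "." + HMAC-SHA256 of it."""
    payload = base64.urlsafe_b64encode(f"{email}|{now}".encode())
    return (payload + b"." + _mac(payload)).decode()


def session_email(cookie: str, now: int):
    """Return the email only when the MAC verifies and the cookie is fresh."""
    payload, sep, mac = cookie.encode().partition(b".")
    if not sep or not hmac.compare_digest(_mac(payload), mac):
        return None  # unsigned, truncated or tampered cookie
    try:
        raw = base64.urlsafe_b64decode(payload).decode()
        email, issued_at = raw.rsplit("|", 1)
        age = now - int(issued_at)
    except ValueError:
        return None
    return email if 0 <= age <= MAX_AGE_SECONDS else None


def can_delete_post(cookie: str, post_author_email: str, now: int) -> bool:
    """The post's check, made only after the cookie itself is authenticated."""
    email = session_email(cookie, now)
    return email is not None and email == post_author_email


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    alice = issue_session_cookie("alice@example.com", t0)
    print(can_delete_post(alice, "alice@example.com", t0 + 60))
    print(can_delete_post("bob@example.com", "bob@example.com", t0 + 60))
```

Verifying the MAC needs no database read; a server-side lookup is only required when a session must be invalidated before it expires, for example on logout.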
