
Ask HN: Should I associate session data with an access token? - dustinfarris
Trying to figure out a best practice here.  My REST API is working well, but there is one small piece of data (other than the authenticated user) that I need to just persist for the life of a client session.  I figured since the client is passing an auth header with every request anyway, it would be a good idea to associate this information with the respective auth token.  Are there any design considerations I should contemplate before implementing this?
======
mansilladev
If your client session is long lived, it could outlive the life of the access
token -- that is, if the access token is either manually revoked or
automatically expires. BTW, totally not grokking the requirements/goals around
association.

