Is it safe to store user data with set/get?
I read (https://github.com/honojs/hono/issues/585#issuecomment-1826189093) that context state can be shared if the request is handled by the same worker. Is it safe to store user/session data with set/get?
GitHub
What exactly is Context get/set ? · Issue #585 · honojs/hono
In the documentation https://honojs.dev/docs/api/context/#csetcget it is only written: Set the value specified by the key with set and use it later with get. With a brief example. However, it is no...
4 Replies
The data set inside the context is only available for that request. So any user data would only be available during that request
I do not store sensitive information. I store the user object but without the password and unique id. But that how it is regardless I never let the application query that data so it can never be leaked accidentally to any user
Thanks for your reply, Nico ! Can you clarify " I never let the application query that data so it can never be leaked accidentally to any user" ? English isn't my native language, this sentence confuses me a bit 😂 I feel like I'm missing something in my interpretation 😛
For exemple, I use
c.get('db') to store a user connection to a database to avoid creating a new one on each request, is that the way to do it?
I almost forgot: I also use the Hono-Sessions middleware, which encrypt/decrypt cookies to c.get('session'). From what I gather in the above GH issue is that might also be problematic :/That is fine because on something like cf workers that is the only want to share the database connection anyways
Don’t worry about that. In short it’s fine to store any user data or database connection in c.set
Okidoo, thanks! ❤️