Qu-nii-sama
CC#
Created by Qu-nii-sama on 12/11/2024 in #help
Pagination or no pagination
Hi, I can't decide whether to implement pagination or not.
I understand that pagination serves the client a subset of data to offload the computing of the backend. While this is great when x amount of clients are requesting data from a table, the problem lies when they need to do the filtering: the filtering only happens on the subset instead of on the whole table. So if the table consists of 1000 records and the subset is 10, filtering only happens on the 10 records.
Do I have to implement a call to the backend for each and every filter that is being applied? Does this just lead to more database calls?
So what is best: serving the client a bigger set of data so the filtering can happen client-side, or doing the filtering on the backend side and ending up with more calls to the backend?
Thanks in advance.
15 replies
CC#
Created by Qu-nii-sama on 8/12/2023 in #help
❔ RefreshToken and Cookies
Hi, I have a bug I can't quite figure out. I am trying to persist a refresh token as a cookie on the client. When developing locally I see the refresh token in the Application tab -> Cookies, but when I inspect the same tab in production I can't see the key-value pair for the refresh token.
The backend and frontend are both on HTTPS. In the CookieOptions, the HttpOnly flag and Secure are set to true, and SameSite is set to None.
The HTTP call for login, where the refresh token is issued, has withCredentials set to true. CORS is also set to AllowCredentials().
When I log in in the production environment I see the RefreshToken cookie in the response header, but not in the Application tab -> Cookies. But in the following subsequent request I see the refresh token in the request header.
How do I get the refresh token to appear in the Application tab -> Cookies?
public static void AddCorsExtension(this IServiceCollection services)
{
    var myAllowSpecificOrigins = "_myAllowSpecificOrigins";

    services.AddCors(options =>
    {
        options.AddPolicy(name: myAllowSpecificOrigins,
            policy =>
            {
                policy.WithOrigins(
                        MyAppData.Configuration["AllowedOrigins:Production"] ?? throw new InvalidOperationException(),
                        MyAppData.Configuration["AllowedOrigins:Https"] ?? throw new InvalidOperationException(),
                        MyAppData.Configuration["AllowedOrigins:Staging"] ?? throw new InvalidOperationException(),
                        MyAppData.Configuration["AllowedOrigins:Dev"] ?? throw new InvalidOperationException())
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials();
            });
    });
}
The next method is part of the login endpoint:
private void SetRefreshTokenCookie(string newRefreshToken)
{
    var refreshTokenCookieOptions = new CookieOptions
    {
        HttpOnly = true, // Not readable from JavaScript, so an XSS payload cannot read the token
        Secure = true, // Set to true to ensure the cookie is only sent over HTTPS
        SameSite = SameSiteMode.None, // Use None because of 3-tier architecture - different domains
        Expires = DateTime.UtcNow.AddDays(int.Parse(_configuration["JWT:RefreshTokenValidityInDays"])),
        Path = "/",
    };

    _httpContextAccessor.HttpContext?.Response.Cookies.Append("RefreshToken", newRefreshToken, refreshTokenCookieOptions);
}
And lastly, the client-side code:
login(payload: any) {
  console.log('login');
  return this.httpClient
    .post(`${this.url}${this.endpoint}/login`, payload, {
      observe: 'response',
      responseType: 'json',
      withCredentials: true,
    })
    .pipe(
      tap((response: HttpResponse<object>) => {
        this.handleAuthentication(response);
      })
    );
}
I need that refreshToken to appear in the cookies in production.
3 replies