Hello! I am trying to figure out / improve the ceramic authentification in my app. I am using rainbowkit, wagmi, and the authentification to ceramic is done in a react context provider using DIDSession right after a new connection to Mumbai is done using WalletClient from Wagmi. (similarly as in WalletConnect Tutorial: Create User Sessions with Web3Modal). I was interested to be able to terminate a session before the expiration time since the session may persist even after the wallet is disconnected, allowing anyone accessing the device to access / mutate data (unless the app functionality are disabled when the wallet is disconnected). Also I wanted to change the expiration time so that I can test how the application is handling the session expiration.
I wanted to use the function DIDSession.remove(accountId) to remove a session from the sessionStore when the session was created using DIDSession.get(): js-did/packages/did-session/src/index.ts at e70a7749084c481ccd4ea02c8870510722c92e30 · ceramicnetwork/js-did · GitHub . And also I tried to modify the session expiration time as can be done when creating the session with DIDSession.get(): (js-did/packages/did-session/src/index.ts at e70a7749084c481ccd4ea02c8870510722c92e30 · ceramicnetwork/js-did · GitHub).
For instance:
const session = await DIDSession.get(actId, authMethod, {
resources: composeClient.resources,
expiresInSecs: 3600, //time in secs before expiration
});
For some reason even after installing the last version did-session@3.0.2 ( did-session - npm), I am not able to use await DIDSession.get(accountId) to remove the session from the store or set a specific expiration time… I looked in my node_module in did-session/dist/index.js and the code is different than in js-did/packages/did-session/src/index.ts at main · ceramicnetwork/js-did · GitHub. I tried to remove the node_modules and reinstalled. The version installed is 3.0.2 but It seems that a older version is installed instead. How can I fix that?
1 Like
Hi @brunolune ! Good to hear from you again.
Quick note on this point you made:
may persist even after the wallet is disconnected, allowing anyone accessing the device to access / mutate data
Sessions (once created) persist only in the user’s browser (if you’re referring to our documentation). Also - in my walletconnect tutorial - if you look into the code found here, you’ll notice that we’re actually not storing the session at all (just the parent identifier - no one can hijack a session with this, even if they extracted from local storage).
1 Like
Okay great! By the way the did-session 3.0.2 is now correctly loaded in my app. Thanks!
2 Likes