Blogs and Cookies

1692235332226


Cookies can be used to preserve a user session: for example, remembering that a user has logged in as Admin and giving them permission to write a blog post.

The first thing I tried was sending cookies in the HTTP response with the Set-Cookie header, but this is a Forbidden Response Header and is filtered out by most browsers. After playing around with settings for a year (and change), I decided that, however elegant this would be if it worked, I'd have to try something else.

While taking an AWS course on Udemy, I learned I could store user sessions in a DynamoDB table. Now, when an admin logs in, an item containing their session and permissions is placed in the table. When they go to other restricted pages, the event handler checks if they have a session in DynamoDB and checks the associated permissions. This session has a Time-To-Live (TTL) of one hour and is then deleted.

Although this seems simple and straightforward, I was too stubborn to give up the other approach in favor of it for the longest time. But hey, now it's working. I'm glad to have done something on the site again.
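The DynamoDB session check described above, as an added example (not this site's own code): `FakeTable` is a constructed in-memory stand-in for a boto3 table, and the attribute names, the permission string and the choice to store a hash of the token are assumptions. The handler compares the expiry time itself because DynamoDB's TTL deletion is asynchronous, so an expired item can still be returned for a while.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # one hour, as in the post


class FakeTable:
    """In-memory stand-in for a boto3 DynamoDB Table (constructed for this example)."""

    def __init__(self):
        self.items = {}

    def put_item(self, Item):
        self.items[Item["session_id"]] = dict(Item)

    def get_item(self, Key):
        item = self.items.get(Key["session_id"])
        return {"Item": dict(item)} if item else {}


def token_key(token):
    # Assumption: store only a hash, so reading the table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def create_session(table, user, permissions, now=None):
    """Called after a successful login; returns the token the client must present."""
    now = int(time.time() if now is None else now)
    token = secrets.token_urlsafe(32)  # unguessable session identifier
    table.put_item(Item={
        "session_id": token_key(token),
        "user": user,
        "permissions": sorted(permissions),
        "expires_at": now + SESSION_TTL,  # the attribute the table's TTL setting would use
    })
    return token


def authorize(table, token, required, now=None):
    """Called by the handler of a restricted page before doing any work."""
    now = int(time.time() if now is None else now)
    if not token:
        return False
    item = table.get_item(Key={"session_id": token_key(token)}).get("Item")
    if item is None:
        return False
    if item["expires_at"] <= now:  # expired but not yet deleted by TTL
        return False
    return required in item["permissions"]
```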