Asp.NET Core + ReactJs - What is the correct way to store authentication information?

Question

After analyzing a lot of examples online and the asp.net core + react authentication given template, I noticed that all of them do NOT use redux store. At first I tough that you should not use them but it could also be just an example application to show roughly how to execute it in a simple manner.

After it a tough came: how should you properly execute such manner?

If you store it in the store, means it gets the data of whatever user you are and update it only on login/logout. But if your session key expires, front-end (redux store) will not know that and trying to access a page you are not authorized will get an error message. To prevent that, it should log a user out as soon as the session ends. How such thing should get executed? Should I have like some sort of a timer to like every 5-10s execute an action to check if session key is still valid? or on every page component render/re-render check if the session key still exist?

What is the correct way?

Answer 1

It's depend about your authentication system, You can use eg. Auth0. If I understand You correctly - there is everything about:

--- expiration of token

If information about expiry, you can get information about when it will expire:

return new Date().getTime() < expiresAt;

And also if the token will expire just redirect to login page with information or automatically refresh token.

Here are more implementation details (with interceptor pattern):

https://medium.com/@monkov/react-using-axios-interceptor-for-token-refreshing-1477a4d5fc26#:~:text=is%20refresh%20token?-,Refresh%20token%20can%20reload%20a%20couple%20of%20refresh(itself)%20and,is%20about%20half%20an%20hour.