Managing Session Cookies, from Firebase Authentication, with Redis

Question

I am using Google Firebase Authentication to handle user management for my web application.

Specifically, I am using managed session cookies. The problem I am running into is figuring out how to associate each session with a corresponding user.

For example, I would have two separate tables:

User - Stores personal information such as name, email, password, etc

Account - Stores account related information such as posts, friends, etc

I was thinking of using Redis as a key-value store for this situation and the flow would work something along the lines of this:

1. User enters credentials
2. Credentials gets verified by Google's backend
3. User receives ID token
4. User sends ID token to my backend along with user id
5. Google's backend creates a session cookie
6. Backend would store the session along with the user id into Redis
7. Whenever user hits a protected endpoint that requires user id, a call to Redis would be made

I thought this might work because, within my Flask API, if I print out the type of the session cookie, the value is of type string.

I was wondering if this is an overkill, or if there is a better alternative to achieve what I want.

Answer 1

After much research and discussions with peers who work in the software industry, I have decided to use the strategy outlined in the question.

Feel free to comment if you have anything else to add.

Cheers.