bknd-session-handling_skill

This skill helps manage user sessions in Bknd apps by coordinating JWT lifecycles, storage, renewal, and invalidation.

2

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill cameronapak/bknd-skills --skill bknd-session-handling

  • SKILL.md18.7 KB

Overview

This skill helps manage user sessions in Bknd applications by covering JWT lifecycle, session persistence, automatic renewal, and expiration handling. It explains cookie vs header transport, practical code patterns for frontend and server, and integration tips for React apps. Use it to implement reliable auth state checks, graceful expiration flows, and secure token handling.

How this skill works

It inspects how Bknd issues stateless JWTs on login, where tokens can be stored (httpOnly cookies, localStorage, sessionStorage, or memory), and how tokens are validated on each request. The skill describes cookie auto-renewal behavior, manual header-based refresh strategies, and patterns to detect and handle expired tokens. It also covers server-side request validation using Bknd APIs.

When to use it

  • Implementing session persistence and restore on app start
  • Choosing cookie vs header transport for security or manual control
  • Handling token expiration and prompting re-authentication
  • Auto-refreshing or periodically validating cookie-based sessions
  • Validating sessions server-side in API routes

Best practices

  • Prefer httpOnly, secure cookies for browsers to mitigate XSS when possible
  • Match cookie expiry with JWT expiry and enable cookie.renew for activity-based extension
  • Use localStorage or sessionStorage only when you need manual header transport; protect against XSS
  • Check session on app mount (api.auth.me()) and notify app state via a session manager or provider
  • Schedule proactive refresh for header tokens based on decoded exp, and show re-login UI before expiry

Example use cases

  • A React app that restores user on mount using a SessionProvider and api.auth.me()
  • Server API route that calls api.auth.resolveAuthFromRequest to gate endpoints
  • Single-page app using cookie transport to rely on auto-renew and avoid manual token handling
  • Header-based client that decodes JWT exp to schedule a re-authentication prompt
  • Background task that checks session on window focus and redirects to login if expired

FAQ

Use httpOnly secure cookies for best XSS protection and auto-renew behavior. Use localStorage/sessionStorage only when you need manual header-based control, and harden against XSS.

How do I detect an expired session?

Call api.auth.me() to re-validate. For header tokens, decode exp and schedule a refresh or prompt before expiry. Treat 401/Unauthorized responses as session expiration and trigger re-authentication.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational