How does keep my session secure?

(Marck Abias) #1

For our project, we need to keep the session including the entities accepted and session data saved for only 15 minutes.

I implemented it in such a way that the bot kit creates a session timestamp each time the user sends a message to the bot (via on_message). I also check on the bot kit if the next messages are sent within the 15-minute session time. If valid, the timestamp will be updated (or session is extended), otherwise the session will be marked as expired. The bot will then check whether the value of the session flag is expired, and a message will be sent to the user and the dialog will end.

The catch with this implementation is that the checking of the session is reactive, which means the session will only be checked and/or deleted whenever the user decides to send a new message. This means the entities inputted will still be around in the session until the next time a message is sent after it has become invalid.

For this concern, I would like to know how keeps these data secured. Are these encrypted, etc?

Thank you in advance.
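
The sliding 15-minute session described in the post, with a timer-driven sweep added so stale entities are removed even when the user never sends another message. This is an added example, not part of the original post and not bot kit code; `SessionStore`, `touch`, `sweep` and `startSweeper` are hypothetical names, and the in-memory `Map` stands in for wherever the session data is actually kept.

```javascript
// Added example: hypothetical in-memory session store, not a bot kit API.
const SESSION_TTL_MS = 15 * 60 * 1000; // 15-minute window from the post

class SessionStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.sessions = new Map(); // userId -> { lastSeen, entities }
  }

  // Reactive path: call from the message handler (on_message in the post).
  // An expired session is deleted and reported so the dialog can be ended.
  touch(userId) {
    const t = this.now();
    let s = this.sessions.get(userId);
    if (s !== undefined && t - s.lastSeen > SESSION_TTL_MS) {
      this.sessions.delete(userId);
      return { expired: true, entities: null };
    }
    if (s === undefined) {
      s = { lastSeen: t, entities: {} };
      this.sessions.set(userId, s);
    } else {
      s.lastSeen = t; // message arrived in time: extend the session
    }
    return { expired: false, entities: s.entities };
  }

  // Proactive path: removes every session idle for longer than the TTL,
  // without waiting for the user's next message. Returns the number removed.
  sweep() {
    const t = this.now();
    let removed = 0;
    for (const [userId, s] of this.sessions) {
      if (t - s.lastSeen > SESSION_TTL_MS) {
        this.sessions.delete(userId);
        removed += 1;
      }
    }
    return removed;
  }
}

// Runs sweep() on an interval; unref() keeps the timer from holding a
// Node.js process open. The one-minute default is an assumption.
function startSweeper(store, intervalMs = 60 * 1000) {
  const timer = setInterval(() => store.sweep(), intervalMs);
  timer.unref();
  return timer;
}
```

With a one-minute sweep interval, captured entities outlive the 15-minute window by at most about a minute instead of until the next message.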