Not quite sure why it is 'recommended' to store token's in database - I can just store in session.
+1
A:
well, I guess storing the token in DB is the best way to use an application (based on Oauth),
'cause, when a user try to use an app he need to give access/authorize to his account, If you're storing the tokens in a session, if the session expires, the user again need to authorize his account which is very annoying. when you store the users identity in database, user doesn't need to authorize his account anymore, So Storing the Tokens is makes user comfort with the specific app xD
Ninja Dude
2010-09-14 13:59:07
But presumably you would use the session to maintain the state of the user (their twitter ID for example), so if the session expires you have no way of linking back to the token and would have to authorize again anyway. What am I missing?
Mark Flint
2010-09-14 17:18:06