For my app I have a server-side database in which I store users and their data. I am wondering how to keep track of which user has which UUID. I want to make sure that only the same user with their own unique UUID can access their data in the database.

What would be the best way to do this?

CodePudding user response：

In your database, create a table where each row represents one particular user. That table would have their permanently assigned UUID, along with name, email, etc.

Some databases such as Postgres and H2 support UUID as a built-in data type. Some databases proved a feature, perhaps as a plug-in, to generate a UUID value. For example, the uuid-ossp plug-in for Postgres. If not, you can generate a UUID in Java.

When creating an account for a user, create a row in that table. When a user logs in, look up their credentials in this table, retrieving their previously assigned UUID.

During the execution of your app, keep that retrieved UUID in memory as a java.util.UUID object. In a web app built on Jakarta Servlet, a good place to keep their UUID would be as an attribute on the Session. See Binding Attributes into a Session in the spec. See HttpSession#setAttribute and getAttribute.

When you write rows in other tables that belong to a particular user, include a column for their UUID. Include their UUID as a criteria in your queries.

You might want to look into multitenancy as a topic.

CodePudding user response：

After authenticating the user (via your favorite authentication process), add a set-cookie response header with the user id (or any other data you deem appropriate) as the value.

Don't forget to set the cookie properties httponly, secure, and samesite.