Mini Apps

Question for miniapp devs: how should a team handle cookies?

I work at the posts office

terminally.online

yeah, if it's not used for auth, probably OK. if you're doing something like setting a user ID in your analytics events you might want to use the one reported in context.

I'm curious about the tracking context more than anything, as in reporting/telemetry. Just assume it's okay?

1. try to avoid them. now that we have quickAuth and web login you can statelessly auth every session if you want.
2. if you can't avoid them, check that the user in the launch context matches the user associated with the stored cookie. if not, clear any local state (cookies, localstorage) and reauthenticate.