A link between a Volumio device and a MyVolumio account appears to be persistent, so I am wondering whether subsequent authorization is achieved through a session key, or rather whether my account password is stored on the device.
Volumio does not.
But it could be your browser storing the password.
I think you may misunderstand my question.
The session in MyVolumio is restored each time I boot the device running Volumio. This observation suggests that the system stores my password, if not a session key instead. The latter is more secure for the user, but the former is easier to develop.
I am simply asking which technique is used to persist sessions, storage of the password versus of session key.
We don’t store the password. We store the session key (in the form of authentication token).
Both front-end and backend do this
1 Like