So, my web application has been authenticating by user identity only. But I just receive a dll which required the user to login to get token, then use the token to call other functions in dll. So, what's the best choice for saving the token? After looking around, this seem like a session thing but they may need to use it for a few hours, would session end if they keep the page open?
Why not save/store the token in cookie (client machine). Then for every dll call pass that token along with the call. You can as well set the expiry of the cookie.
Yes You can as well store it in
session and can set the session timeout (default is 20 minutes if not wrong)