Can I use Bitcoin Core with separate wallet signer for my CEX?

I’m building a CEX and I have a separate wallet signer that has the keys to sign withdrawals and it works well but when it comes to watching the blockchain for transactions on my imported wallet addresses, is the Bitcoin Core enough? Do I have to pair it with something else or replace it totally?

reddit.com
u/thewebken — 25 days ago

How do I cleanly handle session cookie expiry?

I work as a frontend developer for a trading company. The CTO who doubles as the backend developer used to send one token to the web team and they store it in local storage in the web app.
When I came in, I realized it was a vulnerability so I suggested we move towards refresh and access token. He said it’s dangerous because those JWT tokens are stateless and there’s no way to revoke it when attackers get access to it. Also, he said it’s not good practice to persist them if not, you’re violating what JWTs are in the first place.
I was confused because when I was building a backend system and learning about access and refresh tokens, I know you can persist refresh tokens in a database and revoke them. The only issue is access tokens which aren’t persisted and they are short lived anyway so there’s that small vulnerability gap.
We settled on session cookies. So instead of sending me the token in a json to store in local storage, he sets an httpOnly cookie and that’s it. But with this, anytime the cookie expires in say, 6 hours, the user has to get logged out. Sometimes the user could be in the middle of doing something. Is that bad UX? Is there a way to not log the user out when they are active on the app? I’m thinking even when you’re using refresh tokens, they expire at some point and the user has to log in again? How do the big companies do it?

reddit.com
u/thewebken — 2 months ago