Hi
a user logins in with there username and password and i send them a code.
the user is directed to a enter code page.
where and how do i hold the userid?
do i just put it in the url, which seems a little insecure? do i put it in a jwt, which the seems to complicate jwt's (i have to validate the jwt for a status,and not just mean signed in)
or is there another way i am missing