> I understand that we can store the access token in DB.
> but how do i know the logged in user's screen name after session
> timeout?

Nowhere in the entire OAuth workflow do you handle users' passwords or
their usernames. A benefit is that you do not need the Twitter username
to perform any function on the users' behalf with the Twitter API any
more than you need the password.

If it happens that you need the username for some other business reason
then you can call a GET method that returns user profile information to
obtain the user name. The account/verify_credentials methods is most
common for this purpose, but reliance on this method can make your app
subject to DoS because the call has a low, per-user rate limit to
protect against brute force password hacking. You can obtain the user
id from statuses/user_timeline as well. Send count=1 if you do not need
the statuses themselves. 

Better yet, design your app to not require that you know the username,
if possible.

Chris Babcock

Reply via email to