Solid JS + Auth (How to store the credential)
Q1:
What is the most secure and efficient way to store and use credentials in a SolidJS application without using solid-start?
I am considering using
- cookies only
- tokens only
- cookies + tokens
but I am unsure about which storage mechanism and libraries to utilize.
One thing I may want to avoid is to use session or local storage as it's not secure. But I realized that I can't persist the credentials.
May I know what kind of methods you prefer in client-side authentication?
Q2:
Additionally, how can I perform Axios requests if I opt to use cookies, given the need for a token?
7 Replies
🫡 Any opinions are welcome
same site http only cookies +
axios.defaults.withCredentials = true
tokens if the api needs to be exposed to non browser environments like native where they have some sort of secure storage
so http cookies could be the one to authenticate my app?
is it possible to store my user information with token in http cookies, and access from my solid js?
when using axios to send the request, the cookies are associated with the request, and anything related to cookies will be handled by the backend?
am I getting it correct?
http only cookies are only meant to be accessible from the server of the same site (except for SameSite=None, which also requires https)
potentially you could store anything in http cookies but that'd be useless for above reason so you'd usually store a session id associated to a user in that cookie just for identifying the user
the latter part of the response is correct
non-sensitive user info could be stored anywhere as long as you don't use that info for auth which is already handled by http only cookies + backend
CMIIW though, auth is such a complicated matter after all
In this case, can I understand like
if non-sensitive user info can be stored in the local storage
but the session id/token can be stored in http only cookies, but both backend and frontend must be hosted on the same AWS vm instance
yeah
same site (domain name or subs in case of Lax) as far as the browser is concerned, where you host which part, same vm or different entirely depends on the setup
I see. I believe I have enough information to kick start. Thank you for ur suggestion and guidance 👍