How do I implement authentication?
Hey there! I want to implement a very authentication, how would I go about implementing it? The user visits /register to create a new account. After they have created a new account, they must authenticate by successfully logging in using /login. At this point, they should be able to see the content of the /proc route.
3 Replies
I have a few options. I am considering using cookies for authentication; if you have any other suggestions, please let me know. Can someone point me in the right direction? I want to use cookie-based authentication without using solid-start
right, I have a backend in rust
Where do you store the JWT client-side?
❓
I mean for the user session to persist
I know that Discord stores the token in localStorage
But I have heard that it is not recommended to do so (bad security practice)
right, in that case, what do you think I should do?
Oh, thank you!
Looks like the article recommends storing the token in sessionStorage with other security measures
Doesn't that mean it will expire after a few minutes though?
I mean after the session is closed
Right, that would mean that the user has to log in again every time the token is expired?
Why use JWT instead of session cookies?
Generally, when devs use JWT they aren't using cookies. Sure, you can put the JWT inside a cookie, but one main motivation of using JWT is to have the ability to identify a user without maintaining state on the server for sessions. Hence we say that, using JWT, session revocation is a hard problem, etc.
For my own SolidJS/GraphQL app I just use session cookies, no JWT, but the cookie contains a token that is generated by the server-side framework
u dont have to store state on the server if u use a cookie. u can just put the whole state inside the cookie