A Tasty Treats Podcast for Web Developers.

Ask a Potluck Question →
Wes Bos

Wes Bos

Full Stack JavaScript Developer. Creator of really good web development courses. BBQ enthusiast.

Scott Tolinski

Scott Tolinski

Web Developer, Creator of Level Up Tuts, Bboy, Robotops Crew and Youtuber

Playing: 123: Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens

0:00

LOUDNESS

Mar 4th, 2019

Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens

👇 Download Show✏️ Edit Show Notes

In this Hasty Treat, Scott and Wes talk about authentication — the difference between localStorage, cookies, session, tokens and more!

LogRocket - Sponsor

LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session replayer and a performance monitor. Get 14 days free at https://logrocket.com/syntax.

Show Notes

4:20 - How should we track users?

  • Token based - generally stored in the client
  • Session based - stored on the server
  • Token Based (JWT)

6:00 - Token-based auth

  • Stateless - the server does not maintain a list of logged in users
  • Scalable - you can use serverless functions easily
  • Cross domain
  • Data can be stored in JWT
  • Easy to use on non-web sites like mobile apps
  • Hard to expire tokens — you must maintain a list of blacklisted tokens

7:48 - Session-based auth

  • Stateful - generally you maintain a list of session IDs
  • Passive - once signed in, no need to send token again
  • Easy to destroy sessions

10:48 - How do we identify the user on each request? localStorage or Cookies?

  • A common misconception is that localStorage is for tokens while cookies is for sessions
  • With localStorage, we need to grab the token and send them along on each request
  • With cookies, the data is sent along on each request

11:25 - Security Issues

  • XSS for Tokens - make sure bad actors can't run code on your site
  • Sanitize inputs
  • XSRF - CSRF tokens are needed

Tweet us your tasty treats!