Mar 4th, 2019
Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens
In this Hasty Treat, Scott and Wes talk about authentication — the difference between localStorage, cookies, session, tokens and more!
LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session replayer and a performance monitor. Get 14 days free at https://logrocket.com/syntax.
4:20 - How should we track users?
- Token based (e.g. JWT) - generally stored on the client
- Session based - stored on the server
6:00 - Token-based auth
- Stateless - the server does not maintain a list of logged-in users
- Scalable - you can use serverless functions easily
- Cross domain
- Data can be stored in the JWT itself
- Easy to use on non-web clients like mobile apps
- Hard to expire tokens — you must maintain a list of blacklisted tokens
7:48 - Session-based auth
- Stateful - generally you maintain a list of session IDs on the server
- Passive - once signed in, the client does not need to send a token again
- Easy to destroy sessions
10:48 - How do we identify the user on each request? localStorage or Cookies?
- A common misconception is that localStorage is only for tokens while cookies are only for sessions
- With localStorage, we need to grab the token and send it along on each request ourselves
- With cookies, the data is sent along automatically on each request
11:25 - Security Issues
- XSS for Tokens - make sure bad actors can't run code on your site, since script on the page can read localStorage
- Sanitize inputs
- XSRF (CSRF) - because cookies are sent automatically, CSRF tokens are needed