Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens
source link: https://syntax.fm/show/123/hasty-treat-authentication-localstorage-vs-cookies-vs-sessions-vs-tokens
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Mar 4th, 2019
Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens
👇 Download Show✏️ Edit Show NotesIn this Hasty Treat, Scott and Wes talk about authentication — the difference between localStorage, cookies, session, tokens and more!
LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session replayer and a performance monitor. Get 14 days free at https://logrocket.com/syntax.
Show Notes
4:20 - How should we track users?
- Token based - generally stored in the client
- Session based - stored on the server
- Token Based (JWT)
6:00 - Token-based auth
- Stateless - the server does not maintain a list of logged in users
- Scalable - you can use serverless functions easily
- Cross domain
- Data can be stored in JWT
- Easy to use on non-web sites like mobile apps
- Hard to expire tokens — you must maintain a list of blacklisted tokens
7:48 - Session-based auth
- Stateful - generally you maintain a list of session IDs
- Passive - once signed in, no need to send token again
- Easy to destroy sessions
10:48 - How do we identify the user on each request? localStorage or Cookies?
- A common misconception is that localStorage is for tokens while cookies is for sessions
- With localStorage, we need to grab the token and send them along on each request
- With cookies, the data is sent along on each request
11:25 - Security Issues
- XSS for Tokens - make sure bad actors can't run code on your site
- Sanitize inputs
- XSRF - CSRF tokens are needed
Links
Tweet us your tasty treats!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK