Skip to content

Instantly share code, notes, and snippets.

View HermanNygaard's full-sized avatar
🚀

Herman Nygaard HermanNygaard

🚀
View GitHub Profile
@joepie91
joepie91 / sessions.md
Last active October 9, 2024 15:34
Introduction to sessions

While a lot of Node.js guides recommend using JWT as an alternative to session cookies (sometimes even mistakenly calling it "more secure than cookies"), this is a terrible idea. JWTs are absolutely not a secure way to deal with user authentication/sessions, and this article goes into more detail about that.

Secure user authentication requires the use of session cookies.

Cookies are small key/value pairs that are usually sent by a server, and stored on the client (often a browser). The client then sends this key/value pair back with every request, in a HTTP header. This way, unique clients can be identified between requests, and client-side settings can be stored and used by the server.

Session cookies are cookies containing a unique session ID that is generated by the server. This session ID is used by the server to identify the client whenever it makes a request, and to associate session data with that request.

*S

@staltz
staltz / introrx.md
Last active November 14, 2024 11:27
The introduction to Reactive Programming you've been missing