PrakadAlpha/Auth&Auth.md

Created April 5, 2020 02:27

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/PrakadAlpha/82d38daa4a6c38c6518490a566e59b3f.js"></script>
Save PrakadAlpha/82d38daa4a6c38c6518490a566e59b3f to your computer and use it in GitHub Desktop.

Download ZIP

Way of handling sessions in Nodejs

Raw

Auth&Auth.md

Authentication and Authorization

There are two ways to handle these in web applications.
Using sessions method or jwt tokenized way to handle the auth and auth.

Handling Sessions

express-session express module with built in cookies based session management system and also integrate with stores to save the sessions.
jsonwebtoken for managing the authentication and session management, it is stateless.
passportjs for managing the session with local strategy and asessionslso OAuth

JSON Web Token

Consist of three parts
- Header(Algorithm & token type)
- Payload(data)
- Signature(Verification Sign)

Cookies

Cookies are set in the server on the login request and sent to the client using the Set-Cookie header in the response and there after sent from the client for all the requests to identify the user.

Options used in the cookies are as follows:

Secure => Used to tell the browser to send cookies over https only.
HttpOnly => Makes the cookies accesible only in the server, client side js cannot access it using document.cookie.
SameSite => Blocks cross origin request
Domain and Path => These can be changes accordingly for security
Expires or Max-Age => This is used to persist the cookie for the specified time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment