Amit Bhavikatti amitmbee

layout	title	date	categories
post	Stateless Email Verification	2014-04-18 03:20:50 -0700	security stateless

My preference has always been stateless approach, but the approach mentioned needs a bit more work. You want the link to expire in some time - so when you generate the signature, you append a timestamp into it as well.

Stateless email verification should be something like this -

You have the following options -

Cookies Local Storage or Session Storage In Javascript variables Storing JWT in cookies is largely equivalent to Django's cookie based sessions. If you are in control of the server, then you might as well use that instead.

But if you are not in control of the server, or if you have to use JWT for some reason - it is sill better to store the JWT in a cookie rather than local storage. Cookies have two security properties - IsSecure flag, and HttpOnly. IsSecure flag instructs browsers to send the cookie over HTTPS only. HttpOnly makes the cookie inaccessible using javascript code. These are designed to protect users of your application.

Cookies are automatically sent to the server with every request. If the server requires the JWT as part of an Authorization header, cookies won't work automatically. You will have to use javascript to extract the token from the cookie, and explicitly set it as a request header. This has two drawbacks - firstly you are sending the cookie twice (

node -v > .nvmrc

Helpful Information for MacOS

The below information is current as of 2019-09-02 and applies to MacOS 10.14.x (Mojave).

This document is meant to serve as an aid and reference in preparing a MacOS system, the process and .dotfiles are completed manually. Note that the default Terminal is replaced with iTerm2 and Bash v5.

For additional information or help please feel free to ping via https://www.coreygo.com.

System information commands

Assuming this table definition:

CREATE TABLE segments (segments_id serial PRIMARY KEY, payload jsonb);
With JSON values like this:

INSERT INTO segments (payload)
VALUES ('{
     "a": [
        {

"kind": "person",

	[General]
	disabledTrayIcon=false
	drawColor=#ff0000
	drawThickness=0

	import React, { Component } from "react";
	import GoogleAnalytics from "react-ga";

	GoogleAnalytics.initialize(process.env.REACT_APP_GAID \|\| "UA-115105611-2");

	const withTracker = (WrappedComponent, options = {}) => {
	const trackPage = page => {
	if (process.env.NODE_ENV !== "production") {
	return;
	}

	sudo apt update && sudo apt upgrade
	sudo apt-get install build-essential git curl xclip
	sudo apt-get install zsh

	sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

	# Change the shell to zsh
	chsh -s `which zsh`

	// connect() is a function that injects Redux-related props into your component.
	// You can inject data and callbacks that change that data by dispatching actions.
	function connect(mapStateToProps, mapDispatchToProps) {
	// It lets us inject component as the last step so people can use it as a decorator.
	// Generally you don't need to worry about it.
	return function (WrappedComponent) {
	// It returns a component
	return class extends React.Component {
	render() {
	return (

	// Highcharts CheatSheet Part 1.
	// Create interactive charts easily for your web projects.
	// Download: http://www.highcharts.com/download
	// More: http://api.highcharts.com/highcharts


	// 1. Installation.
	// Highcharts requires two files to run, highcharts.js and either jQuery, MooTools or Prototype or the Highcharts Standalone Framework which are used for some common JavaScript tasks.
	// <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
	// <script src="https://code.highcharts.com/highcharts.js"></script>