See the new site: https://postgresisenough.dev
TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.
If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)
A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/
The reason to avoid JWTs comes down to a couple different points:
- The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
| function mapValues(obj, fn) { | |
| return Object.keys(obj).reduce((result, key) => { | |
| result[key] = fn(obj[key], key); | |
| return result; | |
| }, {}); | |
| } | |
| function pick(obj, fn) { | |
| return Object.keys(obj).reduce((result, key) => { | |
| if (fn(obj[key])) { |
| #!/bin/bash | |
| # Bash script to install latest version of ffmpeg and its dependencies on Ubuntu 12.04 or 14.04 | |
| # Inspired from https://gist.github.com/faleev/3435377 | |
| # Remove any existing packages: | |
| sudo apt-get -y remove ffmpeg x264 libav-tools libvpx-dev libx264-dev | |
| # Get the dependencies (Ubuntu Server or headless users): | |
| sudo apt-get update |
| /* ******************************************************************************************* | |
| * THE UPDATED VERSION IS AVAILABLE AT | |
| * https://github.com/LeCoupa/awesome-cheatsheets | |
| * ******************************************************************************************* */ | |
| // 0. Synopsis. | |
| // http://nodejs.org/api/synopsis.html |
| var parser = document.createElement('a'); | |
| parser.href = "http://example.com:3000/pathname/?search=test#hash"; | |
| parser.protocol; // => "http:" | |
| parser.hostname; // => "example.com" | |
| parser.port; // => "3000" | |
| parser.pathname; // => "/pathname/" | |
| parser.search; // => "?search=test" | |
| parser.hash; // => "#hash" | |
| parser.host; // => "example.com:3000" |