Skip to content

Instantly share code, notes, and snippets.

View youfoundron's full-sized avatar
📶

youfoundron

📶
154 followers · 242 following
View GitHub Profile
@youfoundron
youfoundron / sessions.md
Created June 16, 2026 19:31 — forked from joepie91/sessions.md
Introduction to sessions

While a lot of Node.js guides recommend using JWT as an alternative to session cookies (sometimes even mistakenly calling it "more secure than cookies"), this is a terrible idea. JWTs are absolutely not a secure way to deal with user authentication/sessions, and this article goes into more detail about that.

Secure user authentication requires the use of session cookies.

Cookies are small key/value pairs that are usually sent by a server, and stored on the client (often a browser). The client then sends this key/value pair back with every request, in a HTTP header. This way, unique clients can be identified between requests, and client-side settings can be stored and used by the server.

Session cookies are cookies containing a unique session ID that is generated by the server. This session ID is used by the server to identify the client whenever it makes a request, and to associate session data with that request.

*S

@youfoundron
youfoundron / stop-using-jwts.md
Created June 16, 2026 19:30 — forked from samsch/stop-using-jwts.md
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@youfoundron
youfoundron / flexoki-tailwind-colors.ts
Created February 7, 2025 19:40 — forked from martin-mael/flexoki-tailwind-colors.ts
Flexoki Tailwind colors
// Tailwind colors for Flexoki theme by Steph Ango. https://stephango.com/flexoki
const colors = {
base: {
black: '#100F0F',
950: '#1C1B1A',
900: '#282726',
850: '#343331',
800: '#403E3C',
700: '#575653',
@youfoundron
youfoundron / introrx.md
Created September 17, 2016 23:01 — forked from staltz/introrx.md
The introduction to Reactive Programming you've been missing
@youfoundron
youfoundron / 0.2.1-boggle_class_from_methods.rb
Created January 8, 2014 22:20 — forked from dbc-challenges/0.2.1-boggle_class_from_methods.rb
phase 0 unit 2 week 1 boggle class challenge
class BoggleBoard
def initialize(board) # takes nested array and sets it to board attribute
@board = board
end
def create_word(*coords) # takes multiple arrays (representing individual coordinates), return string of the joined elements at the given coordinates
coords.map { |coord| @board[coord.first][coord.last]}.join("") # splat operator '*' let's the method take multiple paramaters as an array
end
def get_letter(row, col) # takes index of row, index of column; returns letter at coordinate