Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Froot75397yHow do you know the username before Auth?
Also, why jwt? Why not a good old session id? I mean it's only used to identify a session not carry any actual data anyway -
If user had ever logged in, his username will be saved in form of JWT, as a cookie. So it will be sent with request to server, next time he visit the site again.
-
JWTs are encrypted, so it's data is not visible. Also it's just the username, not password
-
github95487yWhy are you not using password? And I don't know what is JWT, but is JWT idempotent function for a given username?
Related Rants
This is how my login and authentication works
Check for cookie on request
if cookie doesnot exist, send login page ( login )
1) check for credentials
2) if valid, set username's JWT as cookie
3) reload page
4) proceed for authentication
If cookie exist, decode JWT ( authentication )
1) check username
2) if username exist on database, send user panel
Anything wrong with this ?? What is the better way to do this
rant
login
authentication