This is how my login and authentication works

Check for cookie on request

if cookie does not exist, send login page ( login )
1) check for credentials
2) if valid, set username's JWT as cookie
3) reload page
4) proceed for authentication

If cookie exists, decode JWT ( authentication )
1) check username
2) if username exists in database, send user panel

Anything wrong with this? What is the better way to do this?

Comments
  • 1
    How do you know the username before Auth?
    Also, why jwt? Why not a good old session id? I mean it's only used to identify a session not carry any actual data anyway
  • 1
    If the user has ever logged in, his username will be saved in the form of a JWT, as a cookie. So it will be sent with the request to the server the next time he visits the site.
  • 1
    If the username JWT does not exist, it reflects that the user needs to log in
  • 1
    JWTs are encrypted, so its data is not visible. Also it's just the username, not the password
  • 2
    Why are you not using the password? And I don't know what JWT is, but is JWT an idempotent function for a given username?
  • 0
    Yeah ... Just save password in cookie and help hackers