Why store Refresh Tokens in HttpOnly cookies? ๐ค
At first, I thought localStorage is enoughโฆ
But I learned HttpOnly cookies protect tokens from XSS attacks๐จ
JS canโt access them โ much safer for auth systems.
Small change, BIG security upgrade๐ฅ
#NodeJS#JWT#Security#Auth
Why must authenticate run BEFORE authorize?๐ค
At first, I thought order doesnโt matter
But I learned:
๐ First you verify WHO the user is (authenticate ๐)
๐ Then you check WHAT they are allowed to do (authorize โก)
Reverse the order = broken security logic
#Security#Auth
Access Token vs Refresh Token ๐๐ค
Why do we use bothโฆ not just one?
Why is Access Token short-lived โณ?
Why do we store Refresh Tokens in DB?
What really happens when an Access Token expires?
Yesterday I learned: itโs all about security + user experience balance ๐ฅ
#jwt
Why should we never trust req.body.userId for auth, but trust https://t.co/SirRS2EnM9 from JWT? ๐ค
One comes from the user ๐ฌ, the other is verified by the server ๐.
Same ID, completely different trust level. ๐ฅ
#NodeJS#JWT#Backend#Security
A few months ago I built a React Todo app while vibe coding ๐ง
It worked but felt out of control ๐ตโ๐ซ
Then I learned useState & useEffect โ๏ธ
Rebuilt it ๐
Now itโs simple, predictable & fully in my control ๐ชโจ
#React#JavaScript#MERN
In my first project, I used sessions for login auth.
While planning my second project with multiple phases, I started wondering if sessions are enough for scaling ๐ค
Thatโs when I came across JWT ๐ and started learning it deeply.
#NodeJS#JWT#Backend
๐ Hi, I'm Antas.
Iโm a self-taught MERN Stack Developer.
I have completed an eCommerce platform using JavaScript, Node.js, Express, MongoDB, and EJS.
Iโm currently improving React and learning JWT authentication.
Letโs see where this goes ๐
#MERN#ReactJS#JWT