@PrakadAlpha
Created April 5, 2020 02:27
Way of handling sessions in Nodejs

Authentication and Authorization

  • There are two common ways to handle these in web applications.

  • The session-based method (server-side session state referenced by a cookie) or the JWT (tokenized) method, used for both authentication and authorization.

Handling Sessions

  • express-session: an Express module with a built-in cookie-based session management system; it also integrates with session stores to persist the sessions.

  • jsonwebtoken: for managing authentication and session state; it is stateless, because the signed token itself carries the session data.

  • passportjs: for managing sessions with a local strategy and also OAuth.

JSON Web Token

  • Consist of three parts

    • Header(Algorithm & token type)
    • Payload(data)
    • Signature(Verification Sign)

Cookies

  • Cookies are set by the server on the login request and sent to the client using the Set-Cookie header in the response; thereafter the client sends the cookie with every request so the server can identify the user.

Options used in the cookies are as follows:

  • Secure => Tells the browser to send the cookie over HTTPS only.
  • HttpOnly => Makes the cookie accessible only to the server; client-side JS cannot read it using document.cookie.
  • SameSite => Restricts the cookie from being sent on cross-site requests.
  • Domain and Path => These can be changed accordingly to narrow the scope of the cookie for security.
  • Expires or Max-Age => Used to persist the cookie for the specified time.