Syntax - Tasty Web Development Treats

Hasty Treat - Authentication: LocalStorage vs Cookies vs Sessions vs Tokens

Wes Bos

Tech News, Technology, News

4.9 • 1.2K Ratings

🗓️ 4 March 2019

⏱️ 17 minutes

Summary

In this Hasty Treat, Scott and Wes talk about authentication — the difference between localStorage, cookies, session, tokens and more!

LogRocket - Sponsor

LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session replayer and a performance monitor. Get 14 days free at https://logrocket.com/syntax.

Show Notes

4:20 - How should we track users?
- Token based - generally stored in the client
- Session based - stored on the server

Token Based (JWT)

6:00 - Token-based auth
- Stateless - the server does not maintain a list of logged in users
- Scalable - you can use serverless functions easily
- Cross domain
- Data can be stored in JWT
- Easy to use on non-web sites like mobile apps
- Hard to expire tokens — you must maintain a list of blacklisted tokens

7:48 - Session-based auth
- Stateful - generally you maintain a list of session IDs
- Passive - once signed in, no need to send token again
- Easy to destroy sessions

10:48 - How do we identify the user on each request? localStorage or Cookies?
- A common misconception is that localStorage is for tokens while cookies are for sessions
- With localStorage, we need to grab the token and send it along on each request
- With cookies, the data is sent along on each request

11:25 - Security Issues
- XSS for Tokens - make sure bad actors can’t run code on your site
- Sanitize inputs
- XSRF - CSRF tokens are needed

Links
- Cookies vs Tokens: The Definitive Guide

Tweet us your tasty treats!
- Scott’s Instagram
- LevelUpTutorials Instagram
- Wes’ Instagram
- Wes’ Twitter
- Wes’ Facebook
- Scott’s Twitter

Make sure to include @SyntaxFM in your tweets

Transcript

0:00.0

Monday, Monday, Monday,

0:02.0

Open wide Dev fans.

0:04.0

Get ready to stuff your face

0:06.0

with JavaScript, CSS, node modules, barbecue tips,

0:09.0

git workflows,

0:10.0

break dancing, soft skills, web development,

0:12.0

the hastiest, the craziest, the tastiest web development treats coming in hot. Here is

0:18.1

Wes "Barracuda" Bos and Scott "El Toro Loco" Tolinski.

0:25.0

Oh, welcome to Syntax.

0:27.0

In this episode we're going to be talking about authentication,

0:30.0

which is something that so many websites have.

0:32.0

And in particular, we're going to be talking about how to use and when to use things like local storage

0:37.0

versus cookies versus sessions versus tokens and sort of dive into what all of that means and maybe illuminate some of these things that you have to deal with when dealing with authentication.

0:48.8

Now this episode is sponsored by LogRocket. Now if you've been listening to Syntax,

0:54.1

you've probably heard us talk about LogRocket before.

0:56.1

LogRocket is an amazing service

0:58.3

to allow you to gain full visibility into your bugs.

1:02.1

And when I say full visibility, oftentimes we get like stack traces and we get code outputs and error logs and that feels like full visibility.

1:10.0

But you haven't had full visibility until you've had full visibility.

1:14.2

What I mean is with LogRocket you get a session replay, which is a video showing you exactly what the

1:20.0

user did.

1:21.0

It gives you access to the network requests, it gives you access to your

...
