Exploring different API authentication & authorization methods using NodeJS + Express

PagiY/JWT-Sessions-and-Redis

ABOUT

Exploring JWT and Sessions + Redis for user auth

JSON Web Tokens (JWT)

  • Stateless approach. No database is required, but the client must save the token (via cookie or localStorage - not recommended).
  • Good for server-to-server communication or a microservices architecture.
  • Uses the concept of refresh tokens, where an expired access token is silently replaced with a new one without logging the user out.
  • Refresh tokens can be stored in a database and must be encrypted (but the approach then loses its statelessness).

Sessions

  • Stateful approach. Authentication data should be stored on both the client and the server side.
  • Sessions can easily be invalidated.
  • Sessions are generally recommended over JWT.

READINGS
