Session & cookies strategy in web applications

#javascript #jwt #session #webdev

i want to ask a question about how web applications keep your account open on web browser even you close the browser then re open it ex : facebook
how they do keep your account open, they use the session backend or they use localstorage of the web api js to keep it? thank you

Top comments (1)

weisk • Feb 21 '21

one way you can do it is like this:

when the user logs in, respond with an auth token. The webapp can store that token in the localStorage.
when the webapp is initialized, assume that the user is logged in if we have an auth token on the localstorage.
There must be a middleware on all the webapp's XHR handlers, that adds an authorizarion header on each request.
The backend has to have a mechanism to verify that token, and if it's not sent or is invalid, return a 403 forbidden status.
The webapp also has a middleware for every XHR response handler, that will catch whenever a 403 happens. In that case, unset the localStorage token, and redirect the user to login.

That could be one way to do it; as in how to save application state, the answer is also in localStorage. In this subject you also have to bear in mind that for this to be efficient, your app's state should be kind of "serialized" and kind of "normalized".

I suggest you research on the following topics:

cookies vs localstorage vs sessionstorage vs indexedDb
Authentication token mechanisms, e.g. JWT
Common patterns to normalize an app's state

DEV Community

Session & cookies strategy in web applications

Top comments (1)

Read next

4 Habits to Avoid Bugs related to Hoisting in your JavaScript Code

How to use TURN server with PeerJs

Migrating Plausible Data Between Instances (Servers)

Litestyle CSS: A Lightweight Alternative to Full-Fledged Frameworks