Thanks Bob! I am not sure how much of a problem it is out there, but there is much discussion out there on how authentication via JWT should be handled.
Back in May, some prominent developers commented on this Twitter thread: twitter.com/swyx/status/1133780714...
I just know that from my personal app that is public (the app and its source control), anyone could be logged in.
Some say localStorage is ok while others (like Auth0) that I linked to say to not do it in serverless SPAs.
Using netlifyIdentity.currentUser() is one solution where I can check authentication after refresh/close without the UX hassle of having to log back in again.