Update
My React Frontend now authenticates successfully with my django backend through Token Authentication. Might change it to JWT's later on.
My only doubt is whether to continue storing the Token in localstorage in the screenshot below(Might be a vulnerability) or request the token on every request to the backend (Delayed responses due to two round trips?). Please comment below with your views .
Caching
Added A Caching layer as well with Redis. It only caches a section of the template rendered by homepage and some other read heavy pages.
This is built into django with the help of the caching templatetags.
#view
from django.views.decorators.cache import cache_page
@cache_page(60 * 15)
def my_view(request):
...
#template file
{% load cache %}
{% cache menu request.user.email %}
#menu for logged in user
{% endcache %}
Top comments (21)
Please do not store secrets in the local storage. They'd be accessible by any third party script loaded to your website, and one cross-site scripting attack away from leaking.
For more, please read Please Stop Using Local Storage
Some other considerations regarding session ID security: On Securing Web Session Ids
Thank you. I wasn't really sure on it🙏.
I'll checkout the resources.
Definitely avoid storing your token in LocalStorage. Using a HttpOnly cookie might better serve you.
owasp.org/www-community/HttpOnly
I don't know the full context of your token needs but I would usually recommend using a JWT for granting access to an API. For most use cases they are a simple but effective solution.
blog.logrocket.com/jwt-authenticat...
Thanks Chris⚡
interest project, if you want collaboration on this, hit me up.
Hey there I'll provide a link to the github repo in my next post. I need to prepare it for collaboration.
May I know what technologies you work with?
As my Github account mentioned, I am familiar with Python + Django + React | RN or Vue, and PHP + Laravel, Java Spring boot.
Thanks
Awesome⚡
Hi Zachary here's the link to the repo
github.com/Nyamador/wms
Hey Desmond, amazing product, and of course a very interesting topic.
Would you like to integrate your project into our platform and make it reusable, and scalable for you and your future developments - and maybe even for others? You may earn some easy money from it. Hit me up on paul.coch@generato.com or linkedin.com/in/paul-coch
Hello, do you have a video available of this project?
Not yet. I mean of it's possible I might put up a video soon
That would be awesome.
In the mean time you could subscribe and turn on notifications.
youtube.com/channel/UCHclsWHoxEZU0...
Done! Can't wait for the video!!
Use cookies with http only.
I resorted to using JWT
Hello, Desmond can you explain the two round trip u mentioned...How is that happening?
I mentioned two round trips in the case where the JWT would have to be fetched from the server upon every request and if the refresh token is also expired then that's an extra delay to get a fresh one.