DEV Community

SHARAD SHINDE
SHARAD SHINDE

Posted on

Which is the best practice for node user authentication and session handling?

Hi! I am Sharad,

I am MEAN stack developer having 1 year of experience. I want to learn more about MEAN stack and improve my coding skill and knowledge about best practices.

So, I am building this Instagram clone using MEAN stack where I am using typescript for writing APIs in the node.

So my question is to experts regarding user authentication and session handling, which will be best practice to handle user auth and user session?

I read about passportjs is it right for user auth or any other you will suggest? also, I read about JWT tokens and express session, which will be best to use regarding security concern.

experts, please guide me on this.

Thanks.

Top comments (4)

Collapse
 
blnkspace profile image
AVI

I personally use JWTs that auto expire and need to be refreshed in small intervals. I save them in localStorage and/or cookies on the front end. I use passport at the back end. Has worked great for me on all different sorts of projects

Collapse
 
shindesharad71 profile image
SHARAD SHINDE

Thank you for the answer, I really appreciate this. I will give it a try.

Collapse
 
shindesharad71 profile image
SHARAD SHINDE

Thanks for the answer. I find hard to use native session. I think they will less secure as compared to the new packages.

Collapse
 
anduser96 profile image
Andrei Gatej

I think it depends.

Each solution has its cons and pros.

As sessions are stored on the server side, if you have multiple users requesting your server, you might run into problems. Of course, there are solutions for this.
By using sessions you can also blacklist users more easily/

On the other hand, using JWT will make things easier for the server as it only has to check the signature of the arriving token.
Blacklisting users when using this approach requires you to make another request to check whether the current user is blacklisted or not.

Also having a look at a caching system such as Redis might be worth your while.

Good luck!