User identification
pshy_soch, 2020-05-25 17:33:27

How to properly authenticate?

I need some theory.
What do you understand by good authentication? I tried JWT, but then I ran into hate because of its security.
Should passwords be stored in sessions or in cookies?


1 answer(s)
Ivan Shumov, 2020-05-25
@pshy_soch

  1. JWT is not authentication, it's a token format. And it is not responsible for security because nothing of value is stored in it.
  2. Passwords should not be stored anywhere.
  3. For simplicity, you can start with cookies and store the session ID there.
  4. If you want something good and right straight away, you should read about how OAuth2 and OpenID work. To start poking at it as easily as possible, take a free account on Auth0 and complete a simple manual in 15 minutes.
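
Point 3 of the answer above (a session ID in a cookie), as an added example that is not part of the original answer: the cookie carries only a random identifier, and the user data stays on the server. The cookie name `sid`, the 30-minute `SESSION_TTL` and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; assumed lifetime of a session
_sessions = {}      # sha256(session id) -> {"user": ..., "expires": ...}

def _key(session_id):
    # Keep only a digest server-side so a leaked table holds no usable IDs.
    return hashlib.sha256(session_id.encode()).hexdigest()

def _sid_from(cookie_header):
    # Pull the assumed "sid" cookie out of a Cookie request header.
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    return cookie["sid"].value if "sid" in cookie else None

def create_session(user, now=None):
    """Call after the login check passed; returns (session_id, Set-Cookie value)."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _sessions[_key(session_id)] = {"user": user, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"  # not attached to cross-site POSTs
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = SESSION_TTL
    return session_id, cookie["sid"].OutputString()

def current_user(cookie_header, now=None):
    """Resolve a Cookie request header to a user name, or None."""
    now = time.time() if now is None else now
    sid = _sid_from(cookie_header)
    session = _sessions.get(_key(sid)) if sid else None
    if session is None:
        return None
    if session["expires"] <= now:  # expired: drop it server-side as well
        del _sessions[_key(sid)]
        return None
    return session["user"]

def destroy_session(cookie_header):
    """Logout: invalidate on the server, not only in the browser."""
    sid = _sid_from(cookie_header)
    if sid:
        _sessions.pop(_key(sid), None)
```
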
