DEV Community

Discussion on: JwtToken vs Cookie vs SessionID

aRtoo

Wow, really like this post. Question ma'am, what is the best way to implement authentication? Right now, on my personal project I'm using JWT. It has user email, username, userId. Every time a user requests, an Authentication header is attached with Bearer <JWToken> schema. Is that enough to secure the API? Or do I need to use cookies and JWT?

Martin Eboh

If you’re going to use JWT, be sure to send it to the client only with the HttpOnly option enabled for the cookie, via an HTTPS connection.

aRtoo

Hello, thank you for the response. I was thinking of that one before, but I didn't implement it since I don't send my cookies to my server. So what I did is I have an interceptor using axios, then before the request I have to attach an auth header like:

// inside the axios request interceptor callback, where `config` is the request config
config.headers.Authorization = `Bearer ${cookie('cookie-name')}`