re: How do you authenticate your users?
 

I've used a motley of methods including: sessions, JWT, and auth headers. At my job we use sessions for our internal PHP website as there are really no cons for our use case and it integrates with both our legacy system and our move to the Symfony framework.

 

When you say sessions, do you mean session cookies? In terms of JWT, are you using that for stateless session management? What goes into the JWT body (if you can tell me)?

Thanks for your response!

 

Yes, I do mean session cookies. They are easy to use in PHP and the default way to authenticate with Symfony (symfony.com/doc/master/components/...). Then yes, I am using JWT for stateless auth, granted I do not technically have the need for stateless auth. I believe I stored a user JSON object in the JWT, which means I didn't need to query the database again as long as the JWT was valid. For the specific implementation I used the Adonis Node framework: adonisjs.com/docs/4.1/authenticati... / github.com/adonisjs/adonis-auth/tr...

This has got me thinking I need to dig into JWT tokens more.

I'll have to look at how Adonis's library is implemented.

I would shy away from putting the whole user record into the JWT cookie in the future! I'll actually expand on that exact use case in a follow-up, but for now this is a nice article: cryto.net/~joepie91/blog/2016/06/1....
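
The trade-off discussed in this thread, as an added example that is not part of the thread or of Adonis's code: a hand-built HS256 token carrying a whole user record next to one carrying only an id. The secret, the user row and all helper names are constructed for the demo.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HS256 shared secret, demo only
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Build an HS256 JWT by hand so each part is visible.
function signJwt(claims, secret) {
  const signingInput = `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// Anyone holding the token can do this: the payload is encoded, not encrypted.
function readPayloadWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Server side: compare the MAC in constant time, pin the algorithm, check expiry.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  const claims = readPayloadWithoutKey(token);
  if (header.alg !== "HS256" || typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}

// Constructed user row standing in for a database record.
const userRow = { id: 42, email: "alice@example.test", role: "admin", passwordHash: "<constructed>" };
const exp = 2000000000; // fixed expiry so the demo is deterministic

const fatToken = signJwt({ user: userRow, exp }, SECRET);            // whole record in the token
const leanToken = signJwt({ sub: String(userRow.id), exp }, SECRET); // identifier only

userRow.role = "viewer"; // the "database" changes after both tokens were issued

// Role the server acts on: the fat token's embedded copy, or the current row for the lean one.
function roleSeenByServer(token, nowSec) {
  const claims = verifyJwt(token, SECRET, nowSec);
  if (!claims) return null;
  return claims.user ? claims.user.role : userRow.role;
}
```

The fat token keeps verifying with the old role until `exp`, and its holder can read every field in it; the lean token costs one lookup per request but always reflects the current row.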
