re: How do you authenticate your users?

re: When you say sessions, do you mean session cookies? In terms of JWT, are you using that for stateless session management? What goes into the JWT bo...
 

Yes, I do mean session cookies. They are easy to use in PHP and the default way to authenticate with Symfony (symfony.com/doc/master/components/...). Then yes, I am using JWT for stateless auth, granted I do not technically have the need for stateless auth. I believe I stored a user JSON object in the JWT, which means I didn't need to query the database again as long as the JWT was valid. For the specific implementation I used the Adonis node framework: adonisjs.com/docs/4.1/authenticati... / github.com/adonisjs/adonis-auth/tr...

This has got me thinking I need to dig into JWT tokens more.

I'll have to look at how Adonis's library is implemented.

I would shy away from putting the whole user record into the JWT cookie in the future! I'll actually expand on that exact use case in a follow-up, but for now this is a nice article: cryto.net/~joepie91/blog/2016/06/1....
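
The trade-off discussed in this thread, as an added example that is not part of the original posts and is not Adonis's code: a signed JWT is readable by anyone who holds it, and a user record embedded in it goes stale until the token expires. The secret, user fields, in-memory `db` and all function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Minimal HS256 signer/verifier for illustration; use a maintained JWT library in production.
function sign(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const mac = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Always recomputes HMAC-SHA256 itself, so the token's own "alg" header is never trusted.
function verify(token, secret) {
  const [head, body, sig] = token.split('.');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null;
  return claims;
}

// What any holder of the token can read: the payload is encoded, not encrypted.
function readWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Constructed sample data.
const SECRET = 'constructed-demo-secret';
const userRow = { id: 42, email: 'alice@example.test', role: 'admin', password_hash: '<placeholder-hash>' };
const exp = Math.floor(Date.now() / 1000) + 3600;

const fatToken = sign({ user: userRow, exp }, SECRET);            // whole record in the token
const slimToken = sign({ sub: String(userRow.id), exp }, SECRET); // identifier only

// The account is demoted in the database after both tokens were issued.
const db = new Map([[42, { ...userRow, role: 'viewer' }]]);

// Stateless check: trusts the role frozen into the token at issue time.
function roleFromFatToken(token) {
  const claims = verify(token, SECRET);
  return claims ? claims.user.role : null;
}

// Identifier-only check: costs one lookup, but sees the current role.
function roleFromSlimToken(token) {
  const claims = verify(token, SECRET);
  return claims ? db.get(Number(claims.sub)).role : null;
}
```
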
