The latest articles on DEV Community by M.Nadeem Shakoor (@nadeem137). https://dev.to/nadeem137 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3230414%2Fbd121b07-2517-4efe-a8dd-05bcfb5e91af.jpg https://dev.to/nadeem137 en M.Nadeem Shakoor Thu, 19 Jun 2025 11:21:12 +0000 https://dev.to/nadeem137/cookie-auth-vs-bearer-token-in-express-whats-the-difference-and-when-to-use-each-51h4 https://dev.to/nadeem137/cookie-auth-vs-bearer-token-in-express-whats-the-difference-and-when-to-use-each-51h4 <p>When building secure Express.js applications, you’ll likely face a key architectural choice:<br> Should you use cookie-based authentication or bearer tokens like JWTs?</p> <p>Each method has unique advantages depending on your frontend, deployment, and security requirements. In this post, we’ll break it down clearly and practically.</p> <p>Why It Matters<br> Defines how your app handles sessions and security<br> Impacts frontend integration, especially for SPAs<br> Affects protection against attacks like CSRF and XSS<br> Determines whether tokens are sent automatically or manually<br> Option 1: Cookie-Based Authentication<br> How It Works<br> Server sets a cookie containing a session ID or JWT<br> Browser stores it and automatically sends it with every request — if configured correctly<br> res.cookie('token', jwtToken, {<br> httpOnly: true,<br> secure: true,<br> sameSite: 'Strict'<br> });<br> To access it:</p> <p>import cookieParser from 'cookie-parser';<br> app.use(cookieParser());</p> <p>app.get('/dashboard', (req, res) =&gt; {<br> const token = req.cookies.token;<br> });<br> When Are Cookies Sent Automatically?<br> Cookies are included in requests when:</p> <p>The origin matches the cookie's domain<br> sameSite allows the request (Lax, Strict, or None)<br> credentials: 'include' is used in fetch/axios for cross-origin requests<br> Connection is over HTTPS if secure: true<br> fetch('<a href="https://api.example.com/user" rel="noopener noreferrer">https://api.example.com/user</a>', {<br> credentials: 'include'<br> });<br> Option 2: Bearer Token Authentication (JWT)<br> How It Works<br> Client stores token manually (e.g., in localStorage)<br> Token is explicitly added to the Authorization header<br> fetch('/api/protected', {<br> headers: {<br> Authorization: <code>Bearer ${token}</code><br> }<br> });<br> On the backend:</p> <p>const authHeader = req.headers.authorization;<br> const token = authHeader?.split(' ')[1];</p> webdev javascript programming beginners M.Nadeem Shakoor Thu, 19 Jun 2025 10:58:34 +0000 https://dev.to/nadeem137/my-small-side-project-a-short-url-tool-with-domain-support-stats-link-protection-57ab https://dev.to/nadeem137/my-small-side-project-a-short-url-tool-with-domain-support-stats-link-protection-57ab <p>Hey folks,</p> <p>I recently built a tool called Uplinkly – it’s a short link manager that allows you to:<br> •create short links with your own domain<br> •view click stats<br> •generate social preview (OpenGraph)<br> •and even protect links via Cloudflare</p> <p>It started as a personal experiment, but now it’s almost a fully working tool. Not a commercial push — just wanted to share in case someone finds it useful or has feedback.</p> <p>👉 <a href="https://uplinkly.net" rel="noopener noreferrer">https://uplinkly.net</a></p> <p>If you have a few minutes to check it out and click around — I’d be super grateful! And I’d love to hear what you’d improve or expect from a tool like this.</p> <p>Top comments (0)</p> <p>Subscribe<br> pic<br> Add to the discussion</p> webdev javascript programming beginners