DEV Community: Aleksandra Dudkina The latest articles on DEV Community by Aleksandra Dudkina (@sashadudkina5). https://dev.to/sashadudkina5 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3693158%2Fc555159c-d916-412a-a8cc-2f5537d99c45.jpeg DEV Community: Aleksandra Dudkina https://dev.to/sashadudkina5 en map vs forEach in JavaScript: The Difference Nobody Talks About (Until It Breaks You in an Interview) Aleksandra Dudkina Sat, 04 Apr 2026 19:38:39 +0000 https://dev.to/sashadudkina5/map-vs-foreach-in-javascript-the-difference-nobody-talks-about-until-it-breaks-you-in-an-2he1 https://dev.to/sashadudkina5/map-vs-foreach-in-javascript-the-difference-nobody-talks-about-until-it-breaks-you-in-an-2he1 <p>There's a difference between <code>map</code> and <code>forEach</code> that most developers know but don't fully think about until it bites them in a real situation.</p> <p>I want to talk about that difference and specifically about one behaviour of <code>map</code> that I completely forgot about when I was solving a <code>flat</code> polyfill in an interview. Spoiler: it cost me time and produced a wrong answer. Let's break it all down.</p> <h2> The Basics: What's the Key Difference? </h2> <p>Both <code>map</code> and <code>forEach</code> <strong>iterate over arrays</strong>. But they are fundamentally different in what they give back.</p> <p>The key difference:</p> <blockquote> <p><code>map()</code> returns a new array<br><br> <code>forEach()</code> returns nothing (<code>undefined</code>)</p> </blockquote> <h3> <code>map()</code> - transforms data </h3> <p>Use <code>map()</code> when you want to <strong>create a new array</strong> based on the original one.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">doubled</span> <span class="o">=</span> <span class="nx">numbers</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">num</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">doubled</span><span class="p">);</span> <span class="c1">// [2, 4, 6]</span> </code></pre> </div> <p><code>map()</code> takes each element, <strong>transforms it</strong>, and returns a <strong>new</strong> array of <strong>the same length</strong>.</p> <h3> <code>forEach()</code> - just runs code </h3> <p>Use <code>forEach()</code> when you just want to <strong>do something</strong> with each item.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">numbers</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">num</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>It doesn’t return anything!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">doubled</span> <span class="o">=</span> <span class="nx">numbers</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">num</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">doubled</span><span class="p">);</span> <span class="c1">// undefined</span> </code></pre> </div> <p><code>forEach</code> runs a function on each element and returns <code>undefined</code>. <strong>Always</strong>. Even if you explicitly use <code>return</code> in your code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">doubled</span> <span class="o">=</span> <span class="nx">numbers</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">num</span> <span class="o">*</span> <span class="mi">2</span><span class="p">;</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">doubled</span><span class="p">);</span> <span class="c1">// undefined</span> </code></pre> </div> <p>Another example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">doubled</span><span class="p">(</span><span class="nx">arr</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">num</span> <span class="o">*</span> <span class="mi">2</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nf">doubled</span><span class="p">([</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]));</span> <span class="c1">// undefined </span> </code></pre> </div> <p>Even though we used <code>return</code> twice, the result is still <code>undefined</code>.</p> <p>You would use it when you just want to <em>do something</em> with each element - push to another array, log something etc.</p> <h3> Why <code>map()</code> is Used in React Lists </h3> <p>If you’ve worked with React, you’ve definitely seen this pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">listItems</span> <span class="o">=</span> <span class="nx">users</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span><span class="p">));</span> </code></pre> </div> <p>React needs an <strong>array of elements</strong> to render a list.</p> <p>And <code>map()</code> returns exactly that - a new array.</p> <p><strong>Why</strong> <code>forEach()</code> <strong>wouldn't work in this situation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">listItems</span> <span class="o">=</span> <span class="nx">users</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">li</span> <span class="nx">key</span><span class="o">=</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/li</span><span class="err">&gt; </span><span class="p">));</span> <span class="c1">// nothing is returned</span> <span class="c1">// nothing is rendered</span> </code></pre> </div> <p>This won’t work because:</p> <ul> <li><p><code>forEach()</code> returns <code>undefined</code></p></li> <li><p>React receives nothing to render</p></li> </ul> <h3> Why <code>map()</code> Is Perfect for Chaining </h3> <p>One of the biggest advantages of <code>map()</code> is that it returns a new array, which means you can <strong>chain methods</strong>.</p> <p><strong>Chaining multiple operations:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">numbers</span> <span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">n</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">*</span> <span class="mi">2</span><span class="p">)</span> <span class="c1">// doubled numbers are returned here</span> <span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">n</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">&gt;</span> <span class="mi">4</span><span class="p">)</span> <span class="c1">// filtered numbers are returned here</span> <span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">n</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="s2">`Value: </span><span class="p">${</span><span class="nx">n</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// a new map is returned here</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="c1">// ["Value: 6", "Value: 8"]</span> </code></pre> </div> <p>Step by step:</p> <ol> <li><p><code>map</code> → [2, 4, 6, 8]</p></li> <li><p><code>filter</code> → [6, 8]</p></li> <li><p><code>map</code> → ["Value: 6", "Value: 8"]</p></li> </ol> <p>Each step returns a new array → enabling chaining</p> <p><strong>Why</strong> <code>forEach()</code> <strong>breaks chaining</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">numbers</span> <span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">n</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">*</span> <span class="mi">2</span><span class="p">)</span> <span class="c1">// undefined is returned</span> <span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">n</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">&gt;</span> <span class="mi">4</span><span class="p">);</span> <span class="c1">// Error. You can't use array methods with undefined </span> </code></pre> </div> <p>This fails because:</p> <ul> <li><p><code>forEach()</code> returns <code>undefined</code></p></li> <li><p>You can’t call <code>.filter()</code> on <code>undefined</code></p></li> </ul> <h3> Final recap on basics: </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">nums</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="c1">// forEach: returns undefined</span> <span class="kd">const</span> <span class="nx">dobuledWithForEach</span> <span class="o">=</span> <span class="nx">nums</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">n</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result1</span><span class="p">);</span> <span class="c1">// undefined</span> <span class="c1">// map: returns a new array</span> <span class="kd">const</span> <span class="nx">dobuledWithMap</span> <span class="o">=</span> <span class="nx">nums</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">n</span> <span class="o">=&gt;</span> <span class="nx">n</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result2</span><span class="p">);</span> <span class="c1">// [2, 4, 6]</span> </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>map()</th> <th>forEach()</th> </tr> </thead> <tbody> </tbody> </table></div> <div class="table-wrapper-paragraph"><table> <colgroup> <col> <col> <col> </colgroup> <tbody><tr> <td colspan="1" rowspan="1"><p>Returns value</p></td> <td colspan="1" rowspan="1"><p>✅ New array</p></td> <td colspan="1" rowspan="1"><p>❌ undefined</p></td> </tr></tbody> </table></div> <div class="table-wrapper-paragraph"><table> <colgroup> <col> <col> <col> </colgroup> <tbody><tr> <td colspan="1" rowspan="1"><p>Use case</p></td> <td colspan="1" rowspan="1"><p>Transform data</p></td> <td colspan="1" rowspan="1"><p>Side effects</p></td> </tr></tbody> </table></div> <div class="table-wrapper-paragraph"><table> <colgroup> <col> <col> <col> </colgroup> <tbody><tr> <td colspan="1" rowspan="1"><p>Chainable</p></td> <td colspan="1" rowspan="1"><p>✅Yes</p></td> <td colspan="1" rowspan="1"><p>❌ No</p></td> </tr></tbody> </table></div> <p><strong>When to use</strong> <code>map()</code><strong>:</strong></p> <ul> <li><p>You need the result, a new transformed array</p></li> <li><p>You're rendering lists in React</p></li> <li><p>You want to chain with <code>.filter()</code>, <code>.reduce()</code>, etc.</p></li> </ul> <p><strong>When to use</strong> <code>forEach()</code><strong>:</strong></p> <ul> <li><p>You just want to <em>do something</em> - log, push, trigger a side effect</p></li> <li><p>You don't need a return value</p></li> <li><p>You're building a result array yourself by pushing each element into it</p></li> </ul> <blockquote> <p><strong>Rule of thumb:</strong><br><br> If you’re returning something → use <code>map()</code><br><br> If you’re just doing something → use <code>forEach()</code></p> </blockquote> <p>This is the part most developers know about. But there's a less obvious difference that matters a lot in certain situations.</p> <h2> The Part Nobody Talks About: Empty Slots </h2> <p>JavaScript arrays can have <strong><em>empty slots</em>.</strong> These are not the same as <code>undefined</code>. They are genuinely missing indices, literally creating holes in the array.</p> <p>You can create them like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">,</span> <span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="c1">// see, empty slots!</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arr</span><span class="p">.</span><span class="nx">length</span><span class="p">);</span> <span class="c1">// 4</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arr</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span> <span class="c1">// undefined (but the slot is empty, not set to undefined)</span> </code></pre> </div> <p>Or like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">arr</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Array</span><span class="p">(</span><span class="mi">3</span><span class="p">);</span> <span class="c1">// [empty × 3]</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arr</span><span class="p">.</span><span class="nx">length</span><span class="p">);</span> <span class="c1">// 3</span> </code></pre> </div> <p>Now here's where <code>map</code> and <code>forEach</code> behave very differently:</p> <blockquote> <ul> <li><p><code>map</code> <strong>skips empty slots but keeps them in the output.</strong></p></li> <li><p><code>forEach</code> <strong>also skips empty slots but simply doesn't call the callback for them.</strong></p></li> </ul> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">,</span> <span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">item</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">index</span><span class="p">,</span> <span class="nx">item</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// 0 1</span> <span class="c1">// 3 4</span> <span class="c1">// (see, indices 1 and 2 are skipped entirely!)</span> <span class="kd">const</span> <span class="nx">mapped</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="nx">item</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">mapped</span><span class="p">);</span> <span class="c1">// [2, empty, empty, 8]</span> <span class="c1">// empty slots are kept in the output!</span> </code></pre> </div> <p>See what <code>map</code> does? It <strong>skips the callback</strong> for empty slots but <strong><em>still keeps the hole in the output array</em></strong>. The resulting array has <strong>the same length</strong> and <strong>the same holes</strong>. You can't get rid of them with <code>map</code>.</p> <p>It's the kind of thing that doesn't feel intuitive until you run into it.</p> <h2> Why This Matters: My Interview Story </h2> <p>I was asked to write a polyfill for <code>Array.prototype.flat</code>. If you haven't used it, <code>flat</code> takes a nested array and flattens it to a given depth:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">[</span><span class="mi">2</span><span class="p">,</span> <span class="p">[</span><span class="mi">3</span><span class="p">]]].</span><span class="nf">flat</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// [1, 2, [3]]</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">[</span><span class="mi">2</span><span class="p">,</span> <span class="p">[</span><span class="mi">3</span><span class="p">]]].</span><span class="nf">flat</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span> <span class="c1">// [1, 2, 3]</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">[</span><span class="mi">2</span><span class="p">,</span> <span class="p">[</span><span class="mi">3</span><span class="p">]]].</span><span class="nf">flat</span><span class="p">(</span><span class="kc">Infinity</span><span class="p">);</span> <span class="c1">// [1, 2, 3]</span> </code></pre> </div> <p>My first attempt was using <code>map</code> and recursion:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">flat</span><span class="p">(</span><span class="nx">arr</span><span class="p">,</span> <span class="nx">depth</span> <span class="o">=</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[].</span><span class="nf">concat</span><span class="p">(...</span><span class="nx">arr</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">depth</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nb">Array</span><span class="p">.</span><span class="nf">isArray</span><span class="p">(</span><span class="nx">item</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">flat</span><span class="p">(</span><span class="nx">item</span><span class="p">,</span> <span class="nx">depth</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span><span class="nx">item</span><span class="p">];</span> <span class="p">}</span> <span class="p">}));</span> <span class="p">}</span> </code></pre> </div> <p>Here's what happens here step by step:</p> <ul> <li><p><code>flat</code> is called with an array and a depth (default is 1)</p></li> <li><p><code>.map()</code> goes through each item in the array:</p></li> <li><p>If <strong>depth is more than 0</strong> and <strong>the item is an array</strong>, it calls flat on it with depth - 1</p></li> <li><p>Otherwise, it puts the item in <strong>[item]</strong> to ensure <strong>map returns an array</strong></p></li> <li><p><code>[].concat(...)</code> combines all those arrays into one flat array</p></li> </ul> <p>The test I failed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">flat</span><span class="p">([</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span> <span class="p">,</span> <span class="p">,</span><span class="kc">undefined</span><span class="p">,[</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,[</span><span class="mi">5</span><span class="p">,</span><span class="mi">6</span><span class="p">,[</span><span class="mi">7</span><span class="p">,</span><span class="mi">8</span><span class="p">,[</span><span class="mi">9</span><span class="p">,</span><span class="mi">10</span><span class="p">]]]]],</span> <span class="kc">Infinity</span><span class="p">)</span> </code></pre> </div> <p><strong>Expected result:</strong> [1, 2, undefined, 3, 4, 5, 6, 7, 8, 9, 10]</p> <p><strong>Actual result:</strong> [1, 2, <em>undefined, undefined,</em> undefined, 3, 4, 5, 6, 7, 8, 9, 10]</p> <p>See, there are 2 empty slots in this test. They <strong>are expected to be ignored</strong> but instead they are kept in the result and turned into <strong>undefined</strong>.</p> <p>Remember what we said before:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">,</span> <span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="c1">// see, empty slots!</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arr</span><span class="p">.</span><span class="nx">length</span><span class="p">);</span> <span class="c1">// 4</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arr</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span> <span class="c1">// undefined (but the slot is empty, not set to undefined)</span> </code></pre> </div> <ul> <li> <code>map</code> <strong>skips empty slots but keeps them in the output.</strong> </li> </ul> <p>It keeps empty slots in the output and <code>spread ...</code> turns them into <strong>undefined</strong>, while it should just ignore empty slots.</p> <p>Remember what we said about how forEach treats empty slots:</p> <ul> <li> <code>forEach</code> <strong>skips empty slots but simply doesn't call the callback for them</strong> </li> </ul> <p>Which basically means that <code>forEach</code> skips empty slots <strong>entirely</strong>.</p> <p>Perfectly suitable for our case!</p> <p>Let's rewrite our solution with <code>forEach</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">flat</span><span class="p">(</span><span class="nx">arr</span><span class="p">,</span> <span class="nx">depth</span> <span class="o">=</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">result</span> <span class="o">=</span> <span class="p">[];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">depth</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nb">Array</span><span class="p">.</span><span class="nf">isArray</span><span class="p">(</span><span class="nx">item</span><span class="p">))</span> <span class="p">{</span> <span class="nx">result</span><span class="p">.</span><span class="nf">push</span><span class="p">(...</span><span class="nf">flat</span><span class="p">(</span><span class="nx">item</span><span class="p">,</span> <span class="nx">depth</span> <span class="o">-</span> <span class="mi">1</span><span class="p">))</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">result</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="p">}</span> <span class="p">})</span> <span class="k">return</span> <span class="nx">result</span> <span class="p">}</span> </code></pre> </div> <p>Basically, almost the same solution. The difference is: as <code>forEach</code> <strong>doesn't return a new array</strong>, we can't use <code>[].concat</code> anymore (as we will be trying to concat <em>undefined</em> in such case), we will just push to the result array instead.</p> <p>As <code>forEach</code> <strong>ignores empty slots entirely</strong>, it won't turn empty slots into undefined elements.</p> <p><strong>The result we get</strong>: [1, 2, undefined, 3, 4, 5, 6, 7, 8, 9, 10]</p> <p>No extra undefined elements anymore.</p> <h3> Recap </h3> <ul> <li><p><code>map</code> returns a new array, <code>forEach</code> returns <code>undefined</code></p></li> <li><p>Both skip empty slots during iteration</p></li> <li><p><code>map</code> <strong>keeps</strong> empty slots in the output</p></li> <li><p><code>forEach</code> doesn't return anything, so it just skips empty slots and moves on</p></li> </ul> <p>Note: This is one of those things that almost never matters in day-to-day work but can come up when doing some lower-level array manipulations. Worth keeping in the back of your head.</p> javascript interview frontend webdev Rest Parameters and arguments object: A Quick JavaScript Guide Aleksandra Dudkina Thu, 26 Mar 2026 14:13:12 +0000 https://dev.to/sashadudkina5/rest-parameters-and-arguments-object-a-quick-javascript-guide-273a https://dev.to/sashadudkina5/rest-parameters-and-arguments-object-a-quick-javascript-guide-273a <p>When I was learning JavaScript, rest parameters and the <code>arguments</code> object felt confusingly similar.</p> <p>Here's a quick breakdown.</p> <h2> Why do we even need it </h2> <p>Imagine you're writing a function to calculate the <strong>total price</strong> of items in a shopping cart.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="nx">firstItemPrice</span><span class="p">,</span> <span class="nx">secondItemPrice</span><span class="p">,</span> <span class="nx">thirdItemPrice</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">total</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">total</span> <span class="o">=</span> <span class="nx">total</span> <span class="o">+</span> <span class="nx">firstItemPrice</span> <span class="o">+</span> <span class="nx">secondItemPrice</span> <span class="o">+</span> <span class="nx">thirdItemPrice</span> <span class="k">return</span> <span class="nx">total</span><span class="p">;</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// 60</span> </code></pre> </div> <p>This works perfectly, except for the fact that it works perfectly only for 3 items. What if we need to calculate the price of 5 items? Or of 10 items? We really wouldn't want to pass 10 similar arguments to a function.. We don't even know how many items a user will put in a cart in the first place. And this is when the arguments object and rest parameters come in handy.</p> <p>You need arguments object and rest parameters when you don't know how many parameters will be passed to a function in advance.</p> <h2> Arguments Object Usage </h2> <p>JavaScript gives us a built-in way to handle an unknown number of arguments - the <code>arguments</code> object. Think of it this way: it packs all the arguments you pass to a function inside just one variable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// you don't need to declare arguments here</span> <span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">total</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="c1">// all the parameters you pass are inside arguments</span> <span class="c1">// let's iterate over all items to count their total price</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">arguments</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="nx">total</span> <span class="o">+=</span> <span class="nx">arguments</span><span class="p">[</span><span class="nx">i</span><span class="p">];</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">total</span><span class="p">;</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// 60</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span> <span class="mi">15</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">35</span><span class="p">);</span> <span class="c1">// 80</span> </code></pre> </div> <p>Now we can count the total price of any number of items!</p> <p>If you look carefully at the function we've just created you might want to use <code>.reduce()</code> here. Let's see how it'll work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">arguments</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">total</span><span class="p">,</span> <span class="nx">price</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">total</span> <span class="o">+</span> <span class="nx">price</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// TypeError: arguments.reduce is not a function</span> </code></pre> </div> <p>And this is exactly why <code>arguments</code> is so confusing.. We've just successfully iterated over it, we can even address any parameter with its index (<em>for example, extract first item with</em> <code>arguments[0]</code>) then why do we get this error?</p> <p>If you try to use any other array method or iterator, you’ll run into the same error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">()</span> <span class="p">{</span> <span class="nx">arguments</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">price</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">price</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// TypeError: arguments.forEach is not a function</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">arguments</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">price</span> <span class="o">=&gt;</span> <span class="nx">price</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// TypeError: arguments.map is not a function</span> </code></pre> </div> <p>That’s because <code>arguments</code> is <strong>array-like, but <em>NOT</em> an actual array.</strong></p> <p>It supports:</p> <ul> <li><p>numeric indexes (<code>arguments[0]</code>)</p></li> <li><p><code>length</code></p></li> </ul> <p>But it <strong>doesn’t support</strong>:</p> <ul> <li> array methods (<code>map</code>, <code>reduce</code>, <code>forEach</code>)</li> </ul> <p>If you want to use <code>arguments</code> like an array, you first need to <strong>convert</strong> it into a <strong>real array</strong> with <code>Array.from()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculateTotal</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">prices</span> <span class="o">=</span> <span class="nb">Array</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">arguments</span><span class="p">);</span> <span class="k">return</span> <span class="nx">prices</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">total</span><span class="p">,</span> <span class="nx">price</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">total</span> <span class="o">+</span> <span class="nx">price</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="p">}</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// 60</span> </code></pre> </div> <p>At this point we:</p> <ul> <li><p>received arguments</p></li> <li><p>converted them into an array</p></li> <li><p>and only then used array methods</p></li> </ul> <p>We're also using additional memory by creating a new array.</p> <p>It all feels like extra, unnecessary work for something so common.</p> <p>If you already think that using <code>arguments</code> is not very convenient, let me give you more reason to doubt it:</p> <p><code>arguments</code> <strong>does NOT exist in arrow functions</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">calculateTotal</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">arguments</span><span class="p">);</span> <span class="p">};</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// ReferenceError: arguments is not defined</span> </code></pre> </div> <p>Arrow functions simply <strong>don’t have their own</strong> <code>arguments</code> <strong>object</strong>.</p> <p>So if you try to handle a dynamic number of parameters in an arrow function, you can’t use <code>arguments</code> at all.</p> <p>What we have for now:</p> <p><strong>Pros:</strong></p> <ul> <li><p>Can handle an unknown number of arguments</p></li> <li><p>You can access any argument by its index (<code>arguments[0]</code>)</p></li> <li><p>You can check how many arguments were passed using <code>arguments.length</code></p></li> </ul> <p><strong>Cons:</strong></p> <ul> <li><p>Not a real array: you need to convert it to an array first to use array methods like <code>.map()</code>, <code>.reduce()</code> or <code>forEach</code></p></li> <li><p>Converting to an array uses extra memory</p></li> <li><p>Can't be used in arrow functions</p></li> </ul> <p>And this is exactly why <strong>rest parameters</strong> exist.</p> <h2> Rest Parameters Usage </h2> <p>Rest parameters solve literally all the issues that <code>arguments</code> has.</p> <p>Rest parameters let you collect all remaining function arguments into a <strong>real array</strong> right from the start.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">calculateTotal</span> <span class="o">=</span> <span class="p">(...</span><span class="nx">prices</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">prices</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">price</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">price</span><span class="p">);</span> <span class="p">});</span> <span class="p">};</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// 10</span> <span class="c1">// 20</span> <span class="c1">// 30</span> </code></pre> </div> <p>Notice how:</p> <ul> <li><p>We don't use <code>arguments</code> anymore</p></li> <li><p><code>prices</code> is <strong>already a real array</strong></p></li> <li><p>Works with <strong>any number of arguments,</strong> similarly to the arguments object</p></li> <li><p>We can use rest parameters in an <strong>arrow function</strong></p></li> </ul> <p>There is even more advanced usage available - you can <strong>mix regular arguments with rest parameters</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// declare first argument separately</span> <span class="kd">const</span> <span class="nx">calculateTotal</span> <span class="o">=</span> <span class="p">(</span><span class="nx">firstItem</span><span class="p">,</span> <span class="p">...</span><span class="nx">otherItems</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`First item purchased: </span><span class="p">${</span><span class="nx">firstItem</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">otherItems</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Other items purchased:</span><span class="dl">"</span><span class="p">);</span> <span class="nx">otherItems</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">item</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">index</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2">. </span><span class="p">${</span><span class="nx">item</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">No other items purchased.</span><span class="dl">"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Example usage with numbers as prices:</span> <span class="nf">calculateTotal</span><span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">15</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="c1">// First item purchased: 50 </span> <span class="c1">// Other items purchased:</span> <span class="c1">// 20</span> <span class="c1">// 15</span> <span class="c1">// 10</span> </code></pre> </div> <p><code>firstItem</code>:</p> <ul> <li> Captures the <strong>first argument</strong> separately</li> </ul> <p><code>...otherItems</code> :</p> <ul> <li><p>Collects <strong>all remaining arguments</strong> into a real array</p></li> <li><p>Allows iteration with <code>.forEach()</code>, <code>.map()</code>, <code>.reduce()</code>, etc.</p></li> </ul> <p>Unlike the <code>arguments</code> object, which captures <em>everything</em> all together, <strong>rest parameters</strong> must always be the <strong>last</strong> argument in your function definition. <code>function(a, ...b, c)</code> will throw a SyntaxError:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// SyntaxError: Rest parameter must be last formal parameter </span> <span class="kd">function</span> <span class="nf">calculate</span><span class="p">(</span><span class="nx">first</span><span class="p">,</span> <span class="p">...</span><span class="nx">others</span><span class="p">,</span> <span class="nx">last</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">others</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// How the JS engine sees it:</span> <span class="c1">// "Okay, the first argument is 10. Then 'others' captures everything that's left. </span> <span class="c1">// Then what am I supposed to put into 'last'? I'm confused!"</span> </code></pre> </div> <p>If you want to separately use the last parameter, you can do it this way:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">calculate</span><span class="p">(</span><span class="nx">first</span><span class="p">,</span> <span class="p">...</span><span class="nx">others</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// using index to address the last parameter</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">others</span><span class="p">[</span><span class="nx">others</span><span class="p">.</span><span class="nx">length</span><span class="o">-</span><span class="mi">1</span><span class="p">]);</span> <span class="p">}</span> </code></pre> </div> <h2> Don't confuse rest parameters with spread </h2> <p>Even though rest parameters (<code>...args</code>) and the <strong>spread operator</strong> (<code>...myArray</code>) use the same <code>...</code> syntax, they <strong>do very different things</strong>.</p> <h4> Rest Parameters </h4> <ul> <li> Used <strong>in a function parameter list</strong> to <strong>collect all the arguments into a single array</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">sum</span><span class="p">(</span><span class="nx">first</span><span class="p">,</span> <span class="p">...</span><span class="nx">others</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">others</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">total</span><span class="p">,</span> <span class="nx">num</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">total</span> <span class="o">+</span> <span class="nx">num</span><span class="p">,</span> <span class="nx">first</span><span class="p">);</span> <span class="p">}</span> <span class="nf">sum</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">,</span> <span class="mi">40</span><span class="p">);</span> <span class="c1">// 100</span> </code></pre> </div> <p>Here:</p> <ul> <li><p><code>first</code> = 10</p></li> <li><p><code>...others</code> = <code>[20, 30, 40]</code> - collects remaining arguments into an array.</p></li> </ul> <h4> Spread Operator </h4> <ul> <li> Used <strong>when calling functions, creating arrays, or objects</strong> to <strong>expand elements</strong>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">,</span> <span class="mi">40</span><span class="p">];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(...</span><span class="nx">numbers</span><span class="p">);</span> <span class="c1">// 20 30 40</span> <span class="kd">const</span> <span class="nx">allNumbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">10</span><span class="p">,</span> <span class="p">...</span><span class="nx">numbers</span><span class="p">,</span> <span class="mi">50</span><span class="p">];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">allNumbers</span><span class="p">);</span> <span class="c1">// [10, 20, 30, 40, 50]</span> </code></pre> </div> <p>Here <code>...numbers</code> “spreads” the array elements into individual values. It does <strong>not collect anything</strong> - it expands.</p> <p><strong>Quick Rule of Thumb:</strong></p> <ul> <li><p><strong>Rest parameters</strong> → <strong>collects</strong> multiple values <strong>into an array</strong> + used only in functions</p></li> <li><p><strong>Spread</strong> → expand an array into <strong>individual elements</strong></p></li> </ul> <h2> Rest Parameters vs <code>arguments</code> key differences </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th><code>arguments</code></th> <th>Rest Parameters</th> </tr> </thead> <tbody> <tr> <td>Type</td> <td>Array-like</td> <td>Real array</td> </tr> <tr> <td>Works in arrow functions</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>Modern usage</td> <td>Legacy</td> <td>Preferred</td> </tr> <tr> <td>Supports array methods</td> <td>No</td> <td>Yes</td> </tr> </tbody> </table></div> <blockquote> <p>The <code>arguments</code> object is <strong>a legacy feature</strong> from older versions of JavaScript. It can still be used. Rest parameters (<code>...args</code>) are a <strong>newer feature in JavaScript (ES6+)</strong>, designed to replace most use cases of <code>arguments</code>. Use rest parameters by default.</p> </blockquote> beginners programming javascript webdev JWT Authentication in React: Guide to Access Tokens & Refresh Tokens Aleksandra Dudkina Sun, 22 Mar 2026 08:10:33 +0000 https://dev.to/sashadudkina5/jwt-authentication-in-react-guide-to-access-tokens-refresh-tokens-44im https://dev.to/sashadudkina5/jwt-authentication-in-react-guide-to-access-tokens-refresh-tokens-44im <h2> <strong>What Are Access Tokens and Refresh Tokens? (And Why You Need Both)</strong> </h2> <p>Before diving into implementation, let’s first understand the HTTP endpoints your frontend communicates with and what each of them does.</p> <p>A step by step flow in short:</p> <ol> <li> On login request we send the login and password to the server. The backend checks whether they match an existing user. If no, we will get an error response (typically <strong>401 Unauthorized</strong>). If yes, we will get a <strong>200 response</strong> with a response body similar to this: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"access_token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTYyMzkwMjIsInVzZXJfaWQiOjEsInJvbGUiOjJ9.RDsEg737AOckmF_rXiZehecfKZQZV_Zr_csnRZnJZVM"</span><span class="w"> </span></code></pre> </div> <p>We will see later what to do with this response. What we need to remember for now is that we get an <strong>access token</strong> on authentication request (login request in simple words).</p> <p>Besides access token, the server will also send us a <strong>refresh token</strong>. You may wonder where it is, as we don't see anything besides access token in the response. <strong>Refresh token is sent in HTTP-only cookies</strong> and cannot be directly accessed in your app. Refresh token is stored in browser.</p> <p>What we need to remember for now:</p> <ul> <li><p><strong>Access token</strong> is what we work with in our app. It usually contains some important information about the user (like id, role, etc.), which is validated by the backend (<strong>the backend is always the source of truth</strong>). This token is sent with every request. The server uses it to verify that the user is authenticated and has the required permissions. Also, access token has its expiration time, for example, <strong>15 minutes</strong>. Usually, access token is <strong>short-lived</strong>. So to stay authorized, we will need to request a new access token when it expires. And this is why refresh token is needed.</p></li> <li><p><strong>Refresh token</strong> is used to get a new access token. This token is automatically sent to the server (this happens on the browser side).</p></li> </ul> <p>In short: when the access token expires, we send a refresh request, and the browser automatically includes the refresh token cookie, and we receive a new access token.</p> <blockquote> <p>Think of authentication as:</p> <ul> <li><p>access token = <strong>temporary pass</strong></p></li> <li><p>refresh token = <strong>ability to get a new pass without logging in again</strong></p></li> </ul> </blockquote> <p><strong>Flow recap:</strong></p> <ol> <li><p>User logs in → receives <strong>access token in body</strong> + <strong>refresh token in cookie</strong></p></li> <li><p>For API requests, application includes access token</p></li> <li><p>When access token expires, application detects this (or receives <strong>401</strong>) and calls refresh endpoint</p></li> <li><p>Browser <strong>automatically</strong> includes refresh token cookie with refresh request</p></li> <li><p>Server sends new access token (the user does not need to log in again)</p></li> <li><p>Application retries original request with new token</p></li> <li><p>When user logs out, refresh token is <strong>invalidated on server</strong> and removed from browser</p></li> </ol> <h2> <strong>How to Decode a JWT Token</strong> </h2> <p>As you remember, after we send a login request and get a success response, we get something similar to this in response body:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="dl">"</span><span class="s2">access_token</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTYyMzkwMjIsInVzZXJfaWQiOjEsInJvbGUiOjJ9.RDsEg737AOckmF_rXiZehecfKZQZV_Zr_csnRZnJZVM</span><span class="dl">"</span> </code></pre> </div> <p>If you look carefully, you see that the long string we received from server is <strong>divided into 3 parts by dots (.)</strong></p> <p><code>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.</code> - this is header</p> <p><code>ehJ1c2VyX2lkIjoxMjL0NSwicm9sZSI6ImNsaWVudCIsImlzcyI6Ik15QXBwIiwiaWF0IjoxNzYwMDAwMDAwLCJleHAiOjE3NjAwMDAzMDB9.</code> - this is payload</p> <p><code>dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk</code> - this is signature</p> <p>We can read the <strong>payload</strong> (the middle part) to extract some useful information. This part is <strong>encoded</strong> (meaning anyone can decode and read it) and typically contains data such as user ID, role, or other details.</p> <p>Besides the user data, it also contains token-related data, the most important part for us is <strong>token expiration time</strong>.</p> <p>There are libraries for decoding token payload.</p> <p>What I personally used when working on a project:</p> <ul> <li><p>online token decoders just for quick checks and tests</p></li> <li><p>a library to decode in my app. Personally, i used <a href="https://www.npmjs.com/package/jwt-decode" rel="noopener noreferrer">"jwt-decode"</a> library</p></li> </ul> <p>What i did is i wrote a decoder function with the library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">jwtDecode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jwt-decode</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">type</span> <span class="p">{</span> <span class="nx">JwtPayload</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jwt-decode</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// if you work in TypeScript</span> <span class="c1">// this might be useful for correct storing and checking </span> <span class="c1">// the values you extract from payload for later usage</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">accessTokenPayload</span> <span class="kd">extends</span> <span class="nx">JwtPayload</span> <span class="p">{</span> <span class="nl">user_id</span><span class="p">:</span> <span class="nx">number</span><span class="p">;</span> <span class="nl">role</span><span class="p">:</span> <span class="nx">number</span><span class="p">;</span> <span class="c1">// other user data </span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">jwtDecode</span><span class="o">&lt;</span><span class="nx">accessTokenPayload</span><span class="o">&gt;</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And decoded the payload after I received it from the server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// login request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/login`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="c1">// this line is crucial to receive refresh token, </span> <span class="c1">// we will take a deeper look at it later </span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">login</span><span class="p">:</span> <span class="nx">login</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">//the function we created above</span> <span class="kd">const</span> <span class="nx">tokenPayload</span> <span class="o">=</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">tokenPayload</span><span class="p">)</span> <span class="c1">// {</span> <span class="c1">// exp: 1716239022, - expiration time, timestamp in seconds</span> <span class="c1">// user_id: 1,</span> <span class="c1">// role: 2</span> <span class="c1">// };</span> </code></pre> </div> <p>Now we can use <code>tokenPayload</code> in our app.</p> <blockquote> <p>Note: we can read this data on the frontend, but we should not fully trust it, the server always validates it.</p> </blockquote> <p>Before using it, we need to store it somewhere.</p> <h2> Token Storage Considerations </h2> <p>If you search on the internet, you will see that when it comes to where to store access token, many mention storing it in <strong>localStorage</strong> or <strong>sessionStorage</strong>. When implementing authorisation logic on the project I've been working on, our team decided that none of these will be used. Storing tokens in localStorage is convenient but has security risks. That's why many teams prefer keeping access tokens <strong>in memory</strong>.</p> <p>Our decision was to <strong>store access token in memory (RAM)</strong>. What it means in simple words: just store it as a JavaScript variable. The variable will be deleted from the memory every time we do a page refresh (this is where we will use refresh token to request a new access token). This is why we often call the refresh endpoint when the app loads - to restore the session after a page refresh, so the user doesn’t have to log in again.</p> <blockquote> <p><strong>Architecture note:</strong> Store only token-related data in <code>tokenStorage</code>. Store user data (login, role, etc.) separately in global state (Redux, Context, etc.) - <strong>keep token logic isolated</strong>.</p> </blockquote> <p>But we have many values: expiration time, user ID, user role, so it’s not just a single value as we need to store multiple pieces of data.</p> <p>My solution was to create an object that will be used around the app. This is a simplified setup that demonstrates the idea:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">class</span> <span class="nc">TokenStorage</span> <span class="p">{</span> <span class="kr">private</span> <span class="nx">accessToken</span><span class="p">;</span> <span class="kr">private</span> <span class="nx">tokenExp</span><span class="p">;</span> <span class="c1">//timestamp in seconds</span> <span class="nf">setToken</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">tokenPayload</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">token</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenExp</span> <span class="o">=</span> <span class="nx">tokenPayload</span><span class="p">.</span><span class="nx">exp</span><span class="p">;</span> <span class="p">}</span> <span class="nf">getToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="nf">isTokenActive</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="k">this</span><span class="p">.</span><span class="nx">tokenExp</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">&lt;</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenExp</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// we will need this to handle logging out</span> <span class="nf">clearToken</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">accessToken</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">tokenExp</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// the variable will be created when we load the app in the browser</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">tokenStorage</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TokenStorage</span><span class="p">();</span> </code></pre> </div> <p>What we have:</p> <ul> <li><p>we store the full access token string and we can get it with <code>tokenStorage.getToken()</code> <strong>anywhere in the app</strong></p></li> <li><p>we store token expiration time and can quickly check if access token hasn't expired by just calling <code>tokenStorage.isTokenActive()</code></p></li> </ul> <p>So when we receive access token from the server and decode it, we store it in the <code>tokenStorage</code> variable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// response from login request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/login`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="c1">//this line below enables storing refresh token! we will explore it later</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">login</span><span class="p">:</span> <span class="nx">login</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// decoded payload</span> <span class="kd">const</span> <span class="nx">tokenPayload</span> <span class="o">=</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="c1">// we set the whole access token string and token payload object</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="nx">tokenPayload</span><span class="p">);</span> </code></pre> </div> <p>Now we can access token anywhere in the app, for example, check if access token is still valid by just calling <code>tokenStorage.isTokenActive()</code></p> <h2> Access Token Usage </h2> <p>Let’s briefly recap why we need the access token:</p> <ul> <li> It is passed in all HTTP requests </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">//we get current access token stored in app</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">getToken</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">myRequest</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/request`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="c1">//we pass token to server</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <ul> <li> It is passed as a query parameter in WebSocket requests (explained in WebSocket part below).</li> </ul> <p>What happens if token is expired (or if the user is not authorized at all): server will respond with <strong>401 Unauthorized</strong>. This is the moment we need a new access token and this is when we need refresh token!</p> <h2> <strong>How the Refresh Token Flow Works (and How to Implement It)</strong> </h2> <p>First, let's investigate where refresh token is stored and how we use it to get a new access token. Remember, the body response from server didn't include any refresh token.</p> <p>Let's take a step back.</p> <p>This is the login request we did and the response body:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// login request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/login`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//take a look here</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">login</span><span class="p">:</span> <span class="nx">login</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// body response: </span> <span class="dl">"</span><span class="s2">access_token</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTYyMzkwMjIsInVzZXJfaWQiOjEsInJvbGUiOjJ9.RDsEg737AOckmF_rXiZehecfKZQZV_Zr_csnRZnJZVM</span><span class="dl">"</span> </code></pre> </div> <p>If you go to DevTools → Application → Cookies, you will see the cookie with the refresh token.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdi4guaoi1yww1dxokeav.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdi4guaoi1yww1dxokeav.png" alt="Screenshot of http-cookie refresh token in dev tools" width="800" height="200"></a></p> <p>This is the refresh token!</p> <p>Refresh token is sent in <strong>HTTP-only cookie</strong> and is <strong>stored in browser.</strong> This works because of <code>credentials: "include"</code> line, the browser will not store cookies sent by the server in the response if <code>credentials: "include"</code> is not set (It took me a while to find this bug when I was implementing authorisation flow myself).</p> <blockquote> <p><strong>Note:</strong> Since refresh tokens are stored in cookies and sent automatically by the browser, the backend usually needs <strong>CSRF protection</strong> to prevent malicious websites from making requests on behalf of the user without their consent.</p> </blockquote> <p><code>credentials: "include"</code> handles <strong>both</strong> receiving HTTP-only cookies (refresh token in our case) and sending them back to the server <strong>automatically</strong>. If there are HTTP-only cookies stored in browser, <code>credentials: "include"</code> line in your request will <strong>automatically</strong> send them to server.</p> <p>Getting a new valid access token is not difficult. We just need to send a request to a dedicated endpoint and include HTTP-only cookies (refresh token from browser).</p> <p>Here is a simplified logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// refresh token request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/refresh`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//send refresh token stored in browser</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// receiving and storing a new access token</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="nx">payload</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Logging out<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// logout request </span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/logout`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//send refresh token stored in browser</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// we need to clear the local token variable!</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">clearToken</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At this moment the server invalidates the refresh token (deletes it from database) on its side. If you try to use the same refresh token after it was cleared on the server (after the logout), you will get <strong>401 Unauthorized</strong> error.</p> <p>Remember i mentioned, that storing access token in a variable means that on each page refresh access token will be deleted from the memory. Will we have to call refresh token on each page refresh?</p> <p>Note that refresh token is not infinite-long either. It has its expiration time too. How do we check if refresh token is still valid? What will happen if it is already expired but we keep sending it to server?</p> <p>There are even more questions to be raised:</p> <p>What if user is not authorized at all? What if unauthorized user tries to navigate to some protected page with just inserting URL in browser search line? How to prevent an authorized user to navigate to login page? If user changed password on another device, how should be log them out automatically?</p> <h2> Protected routes and handling user authorisation states </h2> <p>I will share my personal experience of handling authorisation on routing level, but remember that this part can be implemented in various different other ways, depending on the project setup.</p> <p>We use React Routing in the project i've been working on, but if you use Tanstack Routing for example, the core idea remains the same.</p> <p>Before handling routing and protected routes, let's investigate, how our app understands if refresh token is still valid and if the user is authorized or not.</p> <p>A short answer is: the server handles it all.</p> <p>The server is the source of truth. The frontend only reacts to responses (like <strong>401 Unauthorized</strong>).</p> <p>Let's take a look at few scenarios:</p> <ul> <li> We make a HTTP request and send access token in Headers. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">//we get current access token stored in app</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">getToken</span><span class="p">()</span> <span class="c1">//some request</span> <span class="kd">const</span> <span class="nx">myRequest</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/request`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="c1">//we pass token to server</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">});</span> </code></pre> </div> <p>Server checks if the access token we provided is expired. If access token is <strong>expired</strong>, server will send us the <strong>401 Unauthorized</strong> error.</p> <ul> <li> We make a refresh token request: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// refresh token request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/refresh`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//send refresh token stored in browser</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// receiving and storing a new access token</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="nx">payload</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The server checks whether the refresh token is valid.<br><br> - If refresh token is <strong>expired</strong>, server will send us the <strong>401 Unauthorized</strong> error.<br><br> - If refresh token is <strong>invalid</strong>, server will send us the <strong>401 Unauthorized</strong> error (for example, the user logged out with this refresh token before, and this refresh token isn't valid anymore on server side).</p> <p>This is where routing comes into place: if user is not authorized, we should navigate them to some /auth path.</p> <p>First, let's clear local token storage if the user is not authorized anymore.</p> <p>This is what we were already doing in logout request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// logout request </span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/logout`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//send refresh token stored in browser</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// we need to clear the local token variable! !</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">clearToken</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Let's add additional checks to refresh token request. Remember, refresh token request can respond with <strong>401 Unauthorized</strong> error and we need to log the user out!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// refresh token request</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">api</span><span class="p">}</span><span class="s2">/refresh`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">GET</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//send refresh token stored in browser</span> <span class="p">});</span> <span class="c1">// Server checks if the refresh token we provided is valid.</span> <span class="c1">// - If refresh token is expired, server will send us the 401 Unauthorized error.</span> <span class="c1">// - If refresh token is invalid, server will send us the 401 Unauthorized error</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// clear local access token as the user needs to be logged out</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">clearToken</span><span class="p">();</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// receiving and storing a valid access token</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nf">jwtDecodePayload</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="nx">payload</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Refresh request result:</p> <ul> <li><p><strong>200 OK</strong> → new access token → user stays logged in</p></li> <li><p><strong>401 Unauthorized </strong> → refresh token invalid → user is logged out</p></li> </ul> <p>Auth checks outside of route level would look something like this in a simplified way:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">MainPage</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// when app is initialised, the tokenStorage is empty, we need to get a new access token </span> <span class="nf">refreshRequest</span><span class="p">()</span> <span class="c1">// if there is no access token stored or it is already expired, log out user</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// check if the current access token is still valid</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">isTokenActive</span><span class="p">())</span> <span class="p">{</span> <span class="nf">navigate</span><span class="p">(</span><span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">)</span> <span class="c1">//depends on which routing lib you use</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">navigate</span><span class="p">]);</span> </code></pre> </div> <p>The same on /auth path:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">LoginPage</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// when app is initialised, the tokenStorage is empty, we need to get a new access token </span> <span class="nf">refreshRequest</span><span class="p">()</span> <span class="c1">// if there is already an active access token, the user is already authorized </span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// check is current access token in still valid </span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">isTokenActive</span><span class="p">())</span> <span class="p">{</span> <span class="nf">navigate</span><span class="p">(</span><span class="dl">"</span><span class="s2">/main</span><span class="dl">"</span><span class="p">)</span> <span class="c1">//depends on which routing lib you use </span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">navigate</span><span class="p">]);</span> </code></pre> </div> <p>What happens here is:</p> <blockquote> <p>The component is rendered<br><br> → Refresh request is called to check if user is authorized<br><br> → token check<br><br> → navigation</p> </blockquote> <p>This means that if the user is authorized, they might briefly see the LoginPage before being redirected to the MainPage. And vice versa. This happens because we first need to wait the component to <strong>fully render</strong> before <code>useEffect</code> runs. This means the user may briefly see the wrong page before being redirected - a noticeable flicker.</p> <p>Using <strong>route loaders</strong> solves this.</p> <h2> <strong>Using Route Loaders for Auth Checks (No Page Flicker)</strong> </h2> <blockquote> <p>Route is matched<br><br> → loader runs (refresh + token check)<br><br> → navigation happens<br><br> → only then the page renders</p> </blockquote> <p><strong>No unnecessary renders. No flickering.</strong></p> <blockquote> <p><strong>Flow recap:</strong></p> <ul> <li><p><strong>Login</strong> → access token + refresh token</p></li> <li><p><strong>Request</strong> → send access token → OK</p></li> <li><p><strong>Access token expired</strong> → refresh request (cookie auto-sent) → new access token → retry request</p></li> <li><p><strong>Refresh token expired</strong> → logout → redirect to <code>/auth</code></p></li> </ul> </blockquote> <p>To implement it, we go to the place in the project where we do all the <em>routing setup</em>. In my case, it was in <code>main.tsx</code> component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">router</span> <span class="o">=</span> <span class="nf">createBrowserRouter</span><span class="p">([</span> <span class="p">{</span> <span class="na">path</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/main</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// this is the main page</span> <span class="na">element</span><span class="p">:</span> <span class="o">&lt;</span><span class="nx">MainPage</span> <span class="o">/&gt;</span><span class="p">,</span> <span class="na">loader</span><span class="p">:</span> <span class="nx">rootLoader</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">path</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">,</span> <span class="c1">//this is auth page</span> <span class="na">element</span><span class="p">:</span> <span class="o">&lt;</span><span class="nx">LoginPage</span> <span class="o">/&gt;</span><span class="p">,</span> <span class="na">loader</span><span class="p">:</span> <span class="nx">authLoader</span><span class="p">,</span> <span class="p">},</span> <span class="p">]);</span> </code></pre> </div> <p>This is React Router (data mode), but this logic can be implemented with almost any other library. All the route-level requests and anything we want to do <strong>before</strong> page rendering happens inside the <code>loader</code> function.</p> <p><a href="https://tanstack.com/router/latest/docs/guide/data-loading#route-loaders" rel="noopener noreferrer">Tanstack router docs for loaders</a></p> <p><a href="https://tanstack.com/router/latest/docs/guide/data-loading#route-loaders" rel="noopener noreferrer">React Router docs with loader example</a> - this is example for data mode, framework mode can differ a bit.</p> <p>We pass to the <strong>loaders functions</strong> all the checks we need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">rootLoader</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// if there is no active access token, wait for a new one</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">getToken</span><span class="p">())</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">refreshTokenRequest</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// if we didn't receive any new valid access token, it means the user is NOT authorized, navigate to auth</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">isTokenActive</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">"</span><span class="s2">/auth</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">authLoader</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// if there is no active access token, wait for a new one</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">getToken</span><span class="p">())</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">refreshTokenRequest</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// if we received a new valid access token, it means the user is already authorized, navigate to the main page</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">isTokenActive</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Flow recap:</p> <p>We refresh the main page → refresh token request is sent →</p> <ul> <li><p><strong>res 401</strong> → no valid access token, clear the remaining access token we had in memory → navigate user to /auth → render auth page</p></li> <li><p><strong>res ok</strong> → we received and stored a new valid access token → render main page</p></li> </ul> <blockquote> <p>Login → access token + refresh token</p> <p>Request → access token → OK</p> <p>Access expired →</p> <p>→ refresh request (cookie auto sent)</p> <p>→ new access</p> <p>→ retry request</p> <p>Refresh expired →</p> <p>→ logout</p> <p>→ redirect to /auth</p> </blockquote> <h2> <strong>Handling JWT Auth with WebSockets</strong> </h2> <p>Usually, access token is added as a <strong>query parameter</strong> to the WebSocket endpoint.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">your_access_token_here</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// we attach access token directly to websocket endpoint </span> <span class="c1">// to the query param "access_token"</span> <span class="kd">const</span> <span class="nx">websocketEndpoint</span> <span class="o">=</span> <span class="s2">`wss://example.com/socket?access_token=</span><span class="p">${</span><span class="nx">accessToken</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">socket</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebSocket</span><span class="p">(</span><span class="nx">websocketEndpoint</span><span class="p">);</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">onopen</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">WebSocket is open now.</span><span class="dl">'</span><span class="p">);</span> <span class="p">};</span> <span class="c1">// Example of handling a WebSocket error response indicating unauthorized access</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">onclose</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="mi">1008</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 1008 is a policy violation code, often used for unauthorized access</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">WebSocket closed due to unauthorized access</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>If you send invalid or expired access token, the connection will get <strong>closed</strong> and you will receive <strong>1000</strong> or <strong>4001</strong> error code (some servers use custom codes like 4001 to indicate an expired access token; always check your backend docs).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">socket</span><span class="p">.</span><span class="nx">onclose</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="mi">1008</span> <span class="o">||</span> <span class="nx">event</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="mi">4001</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 1008 is a policy violation code, often used for unauthorized access </span> <span class="c1">// 4001 is a custom application code typically used for invalid or expired tokens</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">WebSocket closed due to unauthorized access</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>At this moment, there are two possible reasons:</p> <ul> <li><p>access token got <strong>expired</strong></p></li> <li><p>the user got <strong>unauthorized</strong> (for example, the user logged out in another browser window).</p></li> </ul> <p>In both cases backend sees that the access token we send isn't valid anymore.</p> <p>Usually, when socket connection is closed, you try to <strong>reconnect</strong> a few times. We will try to reconnect here too. But if we try to reconnect with the same invalid access token, we will be getting the same error response. We need to get a new access token first, before trying to reconnect.</p> <p>So it would be something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">socket</span><span class="p">.</span><span class="nx">onclose</span> <span class="o">=</span> <span class="k">async</span> <span class="nf">function </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="mi">1008</span> <span class="o">||</span> <span class="nx">event</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="mi">4001</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 1008 is a policy violation code, often used for unauthorized access</span> <span class="c1">// 4001 is a custom application code typically used for invalid or expired tokens</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">WebSocket closed due to unauthorized access</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// requesting a new access token with refresh request, store a new token in memory</span> <span class="k">await</span> <span class="nf">refreshTokenRequest</span><span class="p">();</span> <span class="c1">// just for safety check again if we got a valid access token</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenStorage</span><span class="p">.</span><span class="nf">isTokenActive</span><span class="p">())</span> <span class="p">{</span> <span class="c1">// reconnect</span> <span class="nf">connectWebSocket</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>Common close codes to handle:</p> <ul> <li><p><strong>1008</strong> — policy violation (unauthorized access)</p></li> <li><p><strong>4001</strong> — custom code often used for expired tokens (always check your backend docs)</p></li> </ul> <blockquote> <p>If you try to reconnect with the same invalid token, you will keep getting the same error. Always request a <strong>new access token first</strong>, then reconnect.</p> </blockquote> <p><strong>Tip:</strong> Add a <strong>maximum reconnect attempt limit</strong> to avoid infinite retry loops.</p> <h2> <strong>Recap</strong> </h2> <p>We covered the full JWT authentication flow in React:</p> <ul> <li><p><strong>Access token</strong> is stored in memory and sent with every request</p></li> <li><p><strong>Refresh token</strong> lives in an HTTP-only cookie and is handled automatically by the browser</p></li> <li><p>Tokens should be <strong>stored in memory</strong>, not localStorage, to avoid security risks</p></li> <li><p>Use a <strong>local object</strong> to manage token state across your app</p></li> <li><p>When access token expires, call the <strong>refresh endpoint</strong> to get a new one without logging the user out</p></li> <li><p>Use <strong>route loaders</strong> instead of useEffect for auth checks to avoid page flicker</p></li> <li><p>For WebSockets, always <strong>refresh the token before reconnecting</strong> after a 1008 or 4001 close code</p></li> </ul> <p>The server is always the source of truth, the frontend only reacts to what the server tells it.</p> authjs webdev frontend tutorial finally() in JavaScript: Why It Can't (Usually) Change a Promise's Result Aleksandra Dudkina Sun, 04 Jan 2026 21:49:38 +0000 https://dev.to/sashadudkina5/finally-in-javascript-why-it-cant-usually-change-a-promises-result-4o9j https://dev.to/sashadudkina5/finally-in-javascript-why-it-cant-usually-change-a-promises-result-4o9j <p>A common misconception is that <code>finally()</code> behaves like <code>then()</code>.<br><br> In reality, it doesn’t receive values, ignores return values, and only affects a promise in very specific cases. Let’s see why.</p> <h1> <code>finally()</code>: Why It Can’t Change a Promise Result </h1> <h2> <code>finally()</code> doesn’t receive arguments </h2> <p>Let's start with a quick quiz to test your understanding:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">myPromise</span><span class="p">.</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">"</span><span class="s2">Hi, Sasha!</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="k">finally</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">Whats up?</span><span class="dl">"</span><span class="p">))</span> <span class="c1">//what will appear in console?</span> </code></pre> </div> <p>If you think the answer is “Hi, Sasha!Whats up?” then keep reading 🙂</p> <h2> How finally() works under the hood </h2> <p>The <code>finally</code> method doesn't have its own low-level implementation in the Promise specification.</p> <p>Under the hood, it simply delegates to <code>then</code>, using the same callback for both success and failure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">promise</span><span class="p">.</span><span class="k">finally</span><span class="p">(</span><span class="nx">onDone</span><span class="p">);</span> <span class="c1">// is roughly equivalent to</span> <span class="nx">promise</span><span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">onDone</span><span class="p">,</span> <span class="nx">onDone</span><span class="p">);</span> </code></pre> </div> <p>Because of this <code>onDone</code> <strong>doesn’t receive any arguments</strong> (no resolved value, no rejection reason)</p> <p>And what happens to the parameter value which wasn’t passed? Correct: it stays <strong>undefined</strong>.</p> <p>Correct answer to the quiz is <strong>“undefinedWhats up?“</strong> as <code>res</code> value is <strong>undefined.</strong></p> <h2> What happens to the Promise value after <code>finally()</code>? </h2> <p>Another quiz:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">myPromise</span><span class="p">.</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">"</span><span class="s2">Hi, Sasha!</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="k">finally</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="dl">"</span><span class="s2">my new result</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span><span class="p">))</span> <span class="c1">//what will be logged here?</span> </code></pre> </div> <p>The answer is "Hi, Sasha!"</p> <p>The value returned from <code>finally()</code> is simply <strong>ignored</strong>.</p> <p>This is a key rule: <code>finally()</code> <strong><em>doesn’t change Promise’s state.</em></strong></p> <p>It exists for <strong>side effects only</strong> - cleanup logic, metrics, etc.</p> <h2> Why the returned value from <code>finally()</code> is ignored </h2> <ul> <li><p><code>finally()</code> doesn’t receive the resolved value</p></li> <li><p>it can’t pass a new value down the chain</p></li> <li><p>the Promise continues with the value from the last <code>then()</code> or <code>catch()</code></p></li> </ul> <p>So this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">"</span><span class="s2">new value</span><span class="dl">"</span><span class="p">)</span> </code></pre> </div> <p>is effectively the same as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{})</span> </code></pre> </div> <h3> Takeaways so far </h3> <ul> <li><p>Since <code>finally()</code> doesn't get any arguments, any value given to it stays <strong>undefined</strong>.</p></li> <li><p>The return value from a <code>finally()</code> callback is <strong>ignored</strong> and <strong>doesn't change the Promise's state</strong> or the next <code>then()</code> chain</p></li> <li><p>The Promise keeps the value from the last <code>then()</code> or <code>catch()</code> before <code>finally()</code> was called.</p></li> </ul> <h2> Can <code>finally()</code> change the Promise state? </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">OK</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="c1">//what is the Promise state at this point?</span> <span class="c1">//what will be logged? "OK" or "Something went wrong"?</span> </code></pre> </div> <p>At first glance, you might expect <code>"OK"</code>.</p> <p>After all, we already know that <code>finally()</code> doesn’t change a Promise’s value, right?</p> <p>But in this case, the output will be “Something went wrong” and the Promise ends up <strong>rejected</strong>.</p> <h3> Why does this happen? </h3> <p>The important clarification is this:</p> <blockquote> <p><code>finally()</code> does not change a Promise’s state by default.</p> </blockquote> <p>However, if an error is thrown inside <code>finally()</code>, or if it returns a rejected Promise, that error <strong>overrides the previous state</strong>.</p> <p>Here is another quick quiz:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">OK</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span><span class="p">)</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="c1">//what is the Promise state at this point?</span> <span class="c1">//what will be logged? "OK" or "Something went wrong"?</span> </code></pre> </div> <p>We are not throwing any error here. However, we are still getting the <strong>"Something went wrong"</strong> here.</p> <p>Another way to change a Promise’s state is to <strong>return a rejected Promise from</strong> <code>finally()</code>.</p> <p>The takeaway we had previously is that the return value from a <code>finally()</code> callback is <strong>ignored, so why returning rejected Promise work?</strong></p> <p>Let’s investigate what happens under the hood.</p> <p>Remember how finally() works?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">promise</span><span class="p">.</span><span class="k">finally</span><span class="p">(</span><span class="nx">onDone</span><span class="p">);</span> <span class="c1">// is roughly equivalent to</span> <span class="nx">promise</span><span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">onDone</span><span class="p">,</span> <span class="nx">onDone</span><span class="p">);</span> </code></pre> </div> <p>Knowing that, let’s investigate our case:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">OK</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span><span class="p">)</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="c1">//is roughly the same as:</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">OK</span><span class="dl">"</span><span class="p">)</span> <span class="c1">//this is our finally method</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span> <span class="c1">// first onDone callback</span> <span class="nx">value</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span> <span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span><span class="p">);</span> <span class="p">})()</span> <span class="p">).</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">value</span><span class="p">),</span> <span class="c1">// if resolves, continue with the previous value</span> <span class="c1">// second onDone callback</span> <span class="nx">reason</span> <span class="o">=&gt;</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span> <span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">reject</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong</span><span class="dl">"</span><span class="p">);</span> <span class="p">})()</span> <span class="c1">//throwing error</span> <span class="p">).</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">reason</span><span class="p">;</span> <span class="p">})</span> <span class="c1">// if gets rejected, continue with rejection reason as value</span> <span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">res</span><span class="p">))</span> <span class="c1">//this is ignored </span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="c1">//this is called</span> </code></pre> </div> <p>Remember that throwing error changes Promise’s state?</p> <p>This is what is done behind the scenes when we return a rejected Promise.</p> <p>Note that if you return a new <strong>resolved promise</strong> from <code>finally()</code>, <strong>nothing changes</strong>. The chain waits for it to resolve, and <code>then()</code> continues with the <strong>original value</strong>.</p> <h2> Final takeaways </h2> <ul> <li><p>Since <code>finally()</code> doesn't receive any arguments, any value provided to it remains <strong>undefined</strong>.</p></li> <li><p>The return value from a <code>finally()</code> callback is <strong>ignored</strong> and does not alter the Promise's state or affect the subsequent <code>then()</code> chain.</p></li> <li> <p>The Promise retains the value from the last <code>then()</code> or <code>catch()</code> before <code>finally()</code> was invoked, unless:</p> <ul> <li>The method returns a rejected Promise.</li> <li>An error is thrown within the method.</li> </ul> </li> </ul> programming javascript frontend