Another thing: never use "===" to check auth tokens -- use a time-secure comparison like npmjs.com/package/secure-compare
EDIT: apparently it's in core now: crypto.timingSafeEqual(a, b)
That is cool. Thank you, I was not aware of that API.
You can also use XOR to compare
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.