I wanted to learn nodejs in the month of October and here you post the video 😅
I was learning Node from another website and wanted to find other resources for it and like a miracle you post a course for Node. THANK YOU!
Every time I watch your videos, I get automagically smarter. Thanks much Brad! Fun tutorial!!!
Is there any difference having the JWT in the headers than cookies? I’ve seen other people use that approach. Is it for security reasons or just preference?
Good question. If we don't store the JWT in a cookie, we'd need to store it in LocalStorage. I don't like to keep security-related things like that in local storage because client side JS can access it. The beauty of an HTTP-only cookie is that even if malicious JS somehow got on our site it cannot access the cookie value. Having said that, if malicious JS code is somehow on our site, then the malicious person could perform any action they wanted on behalf of an innocent user anyways by having the innocent user submit requests and their cookie would be automatically sent along. But the attacker still wouldn't know the secret JWT value that's in the cookie, so in other words, as soon as the innocent user closed their browser tab the security threat would be over. Whereas if malicious JS could access the JWT value, they could continue to perform actions as that user for as long as the token doesn't expire.
I have your Fullstack JS course that covers Mongo but I have been trying to put together sqlite with node express for the past week. So this is amazing!!
A video comparing different technologies and when or why to use them would be a great follow up.
After starting my journey as a WordPress developer with you, now I get my next milestone to follow. Thank you 🙏
WTF!!! Just spent an entire goddam week looking for exactly this, didn't find and now here comes the recommendation
❤
This video is amazing. Thank you so much! My deepest respect to you.
Thank you Brad for this. Badly needed this for a project
Such a nyce tutorial. Love you from India🇮🇳
Excellent tutorial, We wish you could upgrade this app by adding a forgot password feature... Huge Thanks!!!
Thanks! I can point you in the right direction. There's a great package on npm called nodemailer. You'd want to email a user a JWT token that expires after maybe 10 minutes. But have that token give whoever clicks it permission to change the password.
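The two uses of a JWT described in the replies above (a session token kept in an HTTP-only cookie, and an emailed password-reset token that expires after 10 minutes), as an added example that is not code from the video or from any commenter. It uses only Node's built-in crypto module; the secret, the cookie name, the `purpose` claim and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: a real app loads this from its environment
const b64u = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Sign an HS256 JWT that expires ttl seconds after `now` (seconds since epoch).
function signJwt(claims, ttl, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttl }));
  const signed = `${head}.${body}`;
  return `${signed}.${mac(signed).toString("base64url")}`;
}

// Return the claims only if signature, expiry and purpose all check out.
function verifyJwt(token, purpose, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], "base64url").toString()); } catch { return null; }
  if (!claims || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims.purpose === purpose ? claims : null;
}

// Session token: sent as a Set-Cookie value that page JavaScript cannot read (HttpOnly).
function sessionCookie(userId, now) {
  const ttl = 60 * 60 * 24; // one day; constructed value
  const token = signJwt({ sub: userId, purpose: "session" }, ttl, now);
  return `session=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${ttl}`;
}

// Reset token: emailed as a link, valid for 10 minutes, rejected if presented as a session.
function resetToken(userId, now) {
  return signJwt({ sub: userId, purpose: "password-reset" }, 600, now);
}

// Server side: recover the session claims from the Cookie request header.
function sessionFromCookieHeader(cookieHeader, now) {
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader || "");
  return match ? verifyJwt(match[1], "session", now) : null;
}
```

A signed reset token like this can be replayed until it expires, so binding it to the account's current password hash or recording used token ids makes it single use.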
pls make a front end and how to connect them
just a heads up: i noticed there’s a problem with the first link in the video’s description
Really appreciate that! I totally missed that; thank you!
yeah dream host is worth it but we know that every service when it gets successful they start to charge extra, hope dream host will remain as it is
I know what you mean about services doing that; reminds me of Netflix. But DreamHost has been around for I believe about 27 years and I don't see that happening with them. I've used them for about 19 years and they've never done anything to break my trust.
Best teacher ever 🤗🤗🤗
I love your videos
Great video 👏
Hi this was so cool
Awesome! ❤❤❤
Love you man
🎉🎉thanks!
Bang on, Brad. I really appreciate this content.
Thank you Alan!
Awesome
nice!
Great. I was waiting for this. Thanks Brad.
You're welcome! Hope it's helpful!
I'm not even 20 seconds in and have already liked and saved this cause I know it's going to be pure Gold.
I really appreciate that Phill! Hope the course is helpful.
@LearnWebCode I somehow don't doubt for a second that it will be! I have a bit of an involved question for you, I'm not sure if you've made any videos on it yet, but the question is, what motivates you to Code and why do you do it? Is it a passion for Tech or solving problems and building things etc or all of the above? Thanks so much again for this course!
MERCI 🙂
I think better option is to use docker for deployment 😜
I agree 100%, but that would have been yet another technology in a video that already covered a lot. That would make for the perfect follow up video though; how to take this app and containerize it and deploy it.
@LearnWebCode please that will be a great video and thank you.
Now let's declare a variable: CONST x ... no offense, PHP is better and nicer
1:21:31
if (
  req.body.username.trim().length < 1 ||
  req.body.password.length < 1
) errors.push("invalid username/password.")