Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)

Best video on web auth that has ever been produce by the mankind. Period.

LIKE from INDIA. At least 15 videos, 10 articles, countless days I spent to understand (10%) about authentication techniques and you refreshed that knowledge in one shot!

this is still, a year later, the best resource that I've found on cookies and sessions! Chapeau

This video cant be better than it is now, dead simple, concise, strictly to the point,thank you so much for the GREAT content , keep up

Dude. You are the man. The world needs more videos like this.

Finally, an explanation for web authentication for people who are not 5 years olds.

Timestamps:
Authentication: 0:16
Session Auth/Flow: 1:24
Session Auth/Features: 2:21
Cookies: 4:10
Cookies/Security: 5:50
Cookies/Attributes: 7:14
Cookies/Flags: 8:02
CSRF: 8:47
Tokens/Flow: 9:35
Tokens/Features: 10:53
JWT: 13:04
JWT/Security: 16:23

You're the man! It's incredible that we can consume this content for free in such a concise yet thoroughly delivered manner. A big thank you for the time you put in creating these videos and for sharing your knowledge with us!

My goodness, man, not a single second wasted, just a non-stopping flow of information. Your videos are the best on the whole internet; concise, packed, and straight to the point. Thank you very much for what you're doing.

No one had explained like this, it is exceptional and beyond any online presentation that mankind has ever encountered.
Absolutely Phenomenal.
If a grade has to be given to you, you deserve for five courses in a term with
a grade of A+, A+, A+, A+ , A+ with flying colors, or in simple terms " very great distinction" .

Best video on Auth. Deserves to be ranked higher by UA-cam ...

i tried this same style to create a tutorial on php. i got pummeled down with down votes. people didt like it when i read out from a slide show. but you! you have done a great service to a lot of people. thank you!

This video must be the *prerequisite* video for every web development/backend course out there.
Thanks, man! crystal clear explanation!

I would LOVE to hear the same topic but in context of SPA & WebSockets authentication (distributed micro-service systems). This is the No.1 explanation in the whole UA-cam! You have a talent!

This video summarizes hours of other videos and blog posts all over the Internet. Well done.

Full, comprehensive, unbiased and objective unlike most of the speakers go gaga about 1000% STATELESS blah blah!
Only REAL benefit I can think of jwt is, that it can mitigate DDSA, that a Front End service, which can reject the request with a just simple signature verification made on JWT, instead of every time going down to authenticate and then reject, as in the case of stateful.

This is the kinds of videos that I've been looking for like 3 years, Thank you so much Sr.

This is the single most amazing piece of information on web auth on the entire internet. Wow.

this is the best video on youtube for "Authentication" :)

Wow. Talk about clarity.... I appreciate the effort. Your content is GOLD

Nicely done. Clear and concise. One tiny quibble: The word "opaque" should be pronounced as "oh-pake", not as "oh-pack". It is a word borrowed from optics, where it means non-transparent. One might say that a one-way mirror is transparent on one side and opaque on the other.

Authentication = login + password (who you are).
Authorization = permissions (what you are allowed to do).
Nice video!

Hey I know this is an old video, but this video is what secured these concepts in my head. Every second of the video is high quality information with very little noise. Thanks!

Authentication suddenly became easy. Thanks a lot, sir!

Incredible quality and quantity of information here. I'm so grateful for this video. Thank you.
(I'm a startup founder who's learning how to build a Web frontend!)

Very very very very very very very very very very very very very very very..........on point. Sums everything on authentication simply! Great content!

One tip is to watch this video after having some idea on this topics then it will clear all your doubts and be very useful, this I'm saying because a beginner might have difficulty registering all this as I had some time ago.

Seriously, this channel is underrated!

One of the best video on the JWT and session token management. Great work!

the didactics of the video are excellent, congratulations .

13:50 Authorization header is supposed to be used when making a request. It is not supposed to be returned by the server. The JWT is returned either in the body or as a cookie.

cudos . This is THE BEST explination of session and token i have ever seen and in so much depth and details. Can't thank you enough guys. The best of the best..

one of the damn best video I've seen on the topic. Well done sir! And thank you!

Thanks for all your sessions!
One thing on your note on horizontal scaling with session/cookies : once offloaded onto a distributed cache (say redis cluster with consistent hashing for shards) there shouldn't be a problem. If sessions are lost (in case we don't use redundant nodes to backup the session in redis-slave-nodes) - in most cases that should be acceptable. The user only needs to re-login.

This is the most concise and informative resource I've ever seen covering web authentication. Thank you for making this.

My grandfather bought this fruit juicer that you can just put in the whole fruit, with its skin and all, and squeezes every bit of it. This video reminded me of that hell of a machine.

this is one of the super type of videos in the youtube

13:47 You confuse request and response. "Authorization" is a request header, and you're showing it in a response. The token is sent in the body of the response, read out by the client, and then send in the "Authorization: Bearer " header in subsequent requests.

This video is my top pick for the year. Thanks for the awesome content - it really made a humongous difference for me!

best presentation on authentication and its details.. thanks for your time in explaining it very clearly.. appreciate it.

Excellent explanation. It covers everything you need to now about web auth. It saved me a lot of time and effort to learn it on my own. Very compact and clear. Thank you!!

The very best on this topic, very clearly and precisely described, bravo!

Thanks so much for the best video on JWT & Session based authentication.

dude just thank u very much i was so confused but i am relieved now. Perfect.

What a comprehensive and well-put-together vid! Thanks a lot!

Thank you so much sir for this detailed session on client side web security and cookies session things .

Extremely clear explanation.

hey you! solve most of the missed bridges in my brain. you deserve thumbs up

Very straightforward and clear. Excellent. Thanks.

Excellent video for overview of auth on the web.

This is brilliant, you made so many concepts easier to understand in a simple video

Wow man, I am amazed by how you simplified everything! Awesome video, made my understanding of all the auths concrete after I watched this video. You're amazing!

This is Gold content. Hands down. Great.

This information was really useful for me. I'm just starting webdev and wanted to learn more about how to keep the sessions secure. Thank you!

One of the best videos on the topic.

Your video was a great teaching tool for my interns. You make the complicated simple. WELL DONE SIR!

Best video one could get on Security. Underrated channel. Thanks!

I really enjoyed this video. You sir are a professional developer with very good presentation skills

I spent days of time to understand the specified concepts but with this video opened my eyes.. Wonderful Work Sir! Please keep posting or refer if you already have anything related to OWASP Top 10 testing

Beautifully explained and cleared my doubts. Thank you.

It is puzzling but also interesting how your face is expressionless while your voice reads with some expression. Very fascinating.

Thanks for the excellent video. Clarified few doubts I had. Keep it going.

Best auth tutorial I have watched. Thanks you

Wow!! Thanks bro for sharing. I see you put a lot of work into this video and it is really appreciated. I thought I can just watch this video but I see that i need to LEARN this video and it wont take me one sitting. Thanks again.

while watching this video I was like damm this is what I needed. Thank you sir

You're a lifesaver. I can't thank you enough!!

Thanks a lot! This is the only well-explained content i found on the internet.

What a great video, clears many questions I had!

Thank you very much for this video. I've been struggling with this for quite a while.

Brilliant structure and presentation

The video is actual gold, good job mate

Very nicely explained. Many thanks for sharing the notes.

BEST VIDEO EVER PRODUCED!
ON AUTH

I enjoyed very much this presentation.

Your video helped me a lot to understand authentication. You put it short and simple. Thank you! Guys like you makes the Internet a better place. :)

Thanks for the effort you put to make it easy to understand. Thank you so much. Now I have more clarity about authentication. Keep making more such videos.

This is exactly what I was looking for. Concise but informative explanation. Thank you!

Awesome video, thanks for this amazing presentation! Concise, to the point, with no jargon but you didn't miss any vital info. Many Thanks!

thank you very much for your time spend to create this, everything is here no need to watch any other video or blog regarding Authentication :)

Excelent video! Hugs from Brazil.

Very important information! Thank you very match! But one thing that can be improved: The changing of topics is without any notice, I am sure that if you will give a prominent header to a new topic, it will be even better

Great videos. Straightforward, no bullshit. Thank you.

Excellent information about two subjects that are difficult to understand.

So how google
Github. Twitter. Facebook. Instagram..etc...create websites and apis?
They use something like JWT stareful? Which one do they use?

This is the best content i have found

one of the damn best video I've seen on the topic. Well done sir! And thank you

Great job! Excellent presentation.

so far the best video I encountered.Thank you for this amazing content.I am waiting for more like this

Looking forward to the node.js implementation videos!

Someone give this man a Medal..

Matched by none, truly!

The best explanation that I ever came across ! Thank you very much !

Great content!! One correction , CSRF tokens are not sent as cookies. That would defeat the purpose of it as cookies can be forwarded from a malicious call. They are sent as separate headers.

Agree with the rest here. Very very great video, good explanation.

This is an amazing video. Very informative, and has little bias so that I can consider the trade offs for myself. Thank you for making this!

Thanks, man. You really made everything clear for me now. I'm really thankful for your efforts.

Amazing video, makes these concepts easy to understand. Thank you!

This is PERFECT. Thank you for the wonderful content. Learned a lot as a penetration tester.

Hi there, I have a requirement" to be able to trigger jenkins job remotely using JWT authentication" how can this be achieved

Exactly what ive been looking for. 🚀 thank you so much!