Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)

Best video on web auth that has ever been produce by the mankind. Period.

This video cant be better than it is now, dead simple, concise, strictly to the point,thank you so much for the GREAT content , keep up

this is still, a year later, the best resource that I've found on cookies and sessions! Chapeau

LIKE from INDIA. At least 15 videos, 10 articles, countless days I spent to understand (10%) about authentication techniques and you refreshed that knowledge in one shot!

Dude. You are the man. The world needs more videos like this.

You're the man! It's incredible that we can consume this content for free in such a concise yet thoroughly delivered manner. A big thank you for the time you put in creating these videos and for sharing your knowledge with us!

My goodness, man, not a single second wasted, just a non-stopping flow of information. Your videos are the best on the whole internet; concise, packed, and straight to the point. Thank you very much for what you're doing.

This video must be the *prerequisite* video for every web development/backend course out there.
Thanks, man! crystal clear explanation!

This is the kinds of videos that I've been looking for like 3 years, Thank you so much Sr.

I would LOVE to hear the same topic but in context of SPA & WebSockets authentication (distributed micro-service systems). This is the No.1 explanation in the whole UA-cam! You have a talent!

Timestamps:
Authentication: 0:16
Session Auth/Flow: 1:24
Session Auth/Features: 2:21
Cookies: 4:10
Cookies/Security: 5:50
Cookies/Attributes: 7:14
Cookies/Flags: 8:02
CSRF: 8:47
Tokens/Flow: 9:35
Tokens/Features: 10:53
JWT: 13:04
JWT/Security: 16:23

No one had explained like this, it is exceptional and beyond any online presentation that mankind has ever encountered.
Absolutely Phenomenal.
If a grade has to be given to you, you deserve for five courses in a term with
a grade of A+, A+, A+, A+ , A+ with flying colors, or in simple terms " very great distinction" .

One tip is to watch this video after having some idea on this topics then it will clear all your doubts and be very useful, this I'm saying because a beginner might have difficulty registering all this as I had some time ago.

This video summarizes hours of other videos and blog posts all over the Internet. Well done.

Wow. Talk about clarity.... I appreciate the effort. Your content is GOLD

Hey I know this is an old video, but this video is what secured these concepts in my head. Every second of the video is high quality information with very little noise. Thanks!

this is the best video on youtube for "Authentication" :)

Finally, an explanation for web authentication for people who are not 5 years olds.

Best video on Auth. Deserves to be ranked higher by UA-cam ...

one of the damn best video I've seen on the topic. Well done sir! And thank you!

One of the best video on the JWT and session token management. Great work!

This is the single most amazing piece of information on web auth on the entire internet. Wow.

This video is my top pick for the year. Thanks for the awesome content - it really made a humongous difference for me!

Very very very very very very very very very very very very very very very..........on point. Sums everything on authentication simply! Great content!

Incredible quality and quantity of information here. I'm so grateful for this video. Thank you.
(I'm a startup founder who's learning how to build a Web frontend!)

This is the most concise and informative resource I've ever seen covering web authentication. Thank you for making this.

the didactics of the video are excellent, congratulations .

cudos . This is THE BEST explination of session and token i have ever seen and in so much depth and details. Can't thank you enough guys. The best of the best..

i tried this same style to create a tutorial on php. i got pummeled down with down votes. people didt like it when i read out from a slide show. but you! you have done a great service to a lot of people. thank you!

Thanks so much for the best video on JWT & Session based authentication.

Excellent explanation. It covers everything you need to now about web auth. It saved me a lot of time and effort to learn it on my own. Very compact and clear. Thank you!!

dude just thank u very much i was so confused but i am relieved now. Perfect.

hey you! solve most of the missed bridges in my brain. you deserve thumbs up

Full, comprehensive, unbiased and objective unlike most of the speakers go gaga about 1000% STATELESS blah blah!
Only REAL benefit I can think of jwt is, that it can mitigate DDSA, that a Front End service, which can reject the request with a just simple signature verification made on JWT, instead of every time going down to authenticate and then reject, as in the case of stateful.

What a comprehensive and well-put-together vid! Thanks a lot!

Awesome video, thanks for this amazing presentation! Concise, to the point, with no jargon but you didn't miss any vital info. Many Thanks!

Wow man, I am amazed by how you simplified everything! Awesome video, made my understanding of all the auths concrete after I watched this video. You're amazing!

Open Source:
Barracuda Identity Provider for Azure Functions, OAuth 2.0 and OpenID.
Nugget Package:
www.nuget.org/packages/Identity.Provider.Barracuda/
Video:
ua-cam.com/video/-2_FER6NL5I/v-deo.html
Documentation:
www.chambapatodos.com/?epkb_post_type_1=identity-provider
Barracuda OpenAPI for Azure Functions, OpenAPI 3.0 and SWAGGER.
Nuget Package:
www.nuget.org/packages/Barracuda.OpenApi/
Video:
ua-cam.com/video/pmu3CRmNayM/v-deo.html
Documentation:
www.chambapatodos.com/?epkb_post_type_1=open-api-package

The very best on this topic, very clearly and precisely described, bravo!

Thanks for the excellent video. Clarified few doubts I had. Keep it going.

What a great video, clears many questions I had!

Nicely done. Clear and concise. One tiny quibble: The word "opaque" should be pronounced as "oh-pake", not as "oh-pack". It is a word borrowed from optics, where it means non-transparent. One might say that a one-way mirror is transparent on one side and opaque on the other.

Best video one could get on Security. Underrated channel. Thanks!

best presentation on authentication and its details.. thanks for your time in explaining it very clearly.. appreciate it.

This is brilliant, you made so many concepts easier to understand in a simple video

Very straightforward and clear. Excellent. Thanks.

Wow!! Thanks bro for sharing. I see you put a lot of work into this video and it is really appreciated. I thought I can just watch this video but I see that i need to LEARN this video and it wont take me one sitting. Thanks again.

Brilliant structure and presentation

The video is actual gold, good job mate

Thanks for the effort you put to make it easy to understand. Thank you so much. Now I have more clarity about authentication. Keep making more such videos.

This is an amazing video. Very informative, and has little bias so that I can consider the trade offs for myself. Thank you for making this!

This is exactly what I was looking for. Concise but informative explanation. Thank you!

Thanks a lot! This is the only well-explained content i found on the internet.

Thank you very much for this video. I've been struggling with this for quite a while.

Seriously, this channel is underrated!

Authentication suddenly became easy. Thanks a lot, sir!

This is Gold content. Hands down. Great.

one of the damn best video I've seen on the topic. Well done sir! And thank you

Thank you so much sir for this detailed session on client side web security and cookies session things .

thank you very much for your time spend to create this, everything is here no need to watch any other video or blog regarding Authentication :)

Your video helped me a lot to understand authentication. You put it short and simple. Thank you! Guys like you makes the Internet a better place. :)

Extremely clear explanation.

You're a lifesaver. I can't thank you enough!!

I really enjoyed this video. You sir are a professional developer with very good presentation skills

Cheers for keeping it short and to the point bro. Very informative, so definitely a thumbs up!

so far the best video I encountered.Thank you for this amazing content.I am waiting for more like this

Thanks for all your sessions!
One thing on your note on horizontal scaling with session/cookies : once offloaded onto a distributed cache (say redis cluster with consistent hashing for shards) there shouldn't be a problem. If sessions are lost (in case we don't use redundant nodes to backup the session in redis-slave-nodes) - in most cases that should be acceptable. The user only needs to re-login.

Excellent video for overview of auth on the web.

So simple and effective video... Just subscribed the channel.. Thanks a ton for putting this video out.

One of the best videos on the topic.

BEST VIDEO EVER PRODUCED!
ON AUTH

Amazing video, makes these concepts easy to understand. Thank you!

Your video was a great teaching tool for my interns. You make the complicated simple. WELL DONE SIR!

Thanks, man. You really made everything clear for me now. I'm really thankful for your efforts.

Hi there, I have a requirement" to be able to trigger jenkins job remotely using JWT authentication" how can this be achieved

Beautifully explained and cleared my doubts. Thank you.

I spent days of time to understand the specified concepts but with this video opened my eyes.. Wonderful Work Sir! Please keep posting or refer if you already have anything related to OWASP Top 10 testing

this is one of the super type of videos in the youtube

The best explanation that I ever came across ! Thank you very much !

Great video! I appreciate you putting this together :)

An excellent video! Includes everything that I was looking for

Best auth tutorial I have watched. Thanks you

13:50 Authorization header is supposed to be used when making a request. It is not supposed to be returned by the server. The JWT is returned either in the body or as a cookie.

Very nicely explained. Many thanks for sharing the notes.

This information was really useful for me. I'm just starting webdev and wanted to learn more about how to keep the sessions secure. Thank you!

Exactly what ive been looking for. 🚀 thank you so much!

My grandfather bought this fruit juicer that you can just put in the whole fruit, with its skin and all, and squeezes every bit of it. This video reminded me of that hell of a machine.

Great videos. Straightforward, no bullshit. Thank you.

So how google
Github. Twitter. Facebook. Instagram..etc...create websites and apis?
They use something like JWT stareful? Which one do they use?

Excelent video! Hugs from Brazil.

Matched by none, truly!

Great job! Excellent presentation.

Best video about web auth I've ever seen

I enjoyed very much this presentation.

Really one of the best videos on that topic ! Thanks for such great info

excellent, way better than expected

13:47 You confuse request and response. "Authorization" is a request header, and you're showing it in a response. The token is sent in the body of the response, read out by the client, and then send in the "Authorization: Bearer " header in subsequent requests.

Super valuable. Thanks for the breakdown and thoroughness.

This is PERFECT. Thank you for the wonderful content. Learned a lot as a penetration tester.

Amazing, complete and we have a good resource to learn!