Using HttpOnly cookies in React & Node | Storing JWT Tokens or SessionID Securely

preview_player
Показать описание
In this video, I've explained about how can you use httpOnly cookie. What it means as for your project and how to use it to store your JWT Tokens or Sessions securely. We have used libraries like React, Express, axios, cookie-parser and universal-cookies to demo all of the functionality

🚨 Important announcement -

Hi, I just want to let you all know that my first course i.e
The Ultimate DynamoDB Course is now open for all. Make sure to take a free preview with 30 days money back guarantee.

Additional stuffs:

Timeline:
00:00 - Preface
03:55 - Cookies vs Local Storage vs Session Storage
04:43 - Why use cookies and its features
06:45 - Why HttpOnly Cookies?
08:45 - Demo time- creating cookies in browser
16:42 - Creating httpOnly cookie in backend
23:30 - Using axios to get httpOnly cookies from server
28:00 - How to delete httpOnly cookies?
31:15 - How to use JWT tokens and refresh them with this method
34:00 - Proof of security of HttpOnly cookies
34:50 - End word + your feedback. Like, Share and Subscribe
If you have any suggestions, Queries or any though just leave it in comment and I'll be happy to get back to you
#httpOnlyCookies #JWT #WebSecurity

FIND ME HERE:
  1. Rahul Ahire
  2. secure cookies
  3. web security
  4. storing jwt tokens safely
  5. storing session securly
  6. protection against xss and csrf
Рекомендации по теме
React Authentication: How 0:05:19

React Authentication: How to Store JWT in a Cookie | React JS Tutorial

Using HttpOnly cookies 0:36:14

Using HttpOnly cookies in React & Node | Storing JWT Tokens or SessionID Securely

React Login Authentication 0:41:01

React Login Authentication with JWT Access, Refresh Tokens, Cookies and Axios

Secure JWT Authentication 0:12:53

Secure JWT Authentication - Where to store the JWT Token. How to store JWT token in httpOnly cookies

How to Get 0:05:50

How to Get the Current User in React from JWT in Cookie

Cookies: Part 1 0:03:20

Cookies: Part 1 - How HTTPOnly Works

How to store 0:16:12

How to store JWT token in httpOnly cookies - mongodb express react node js - PART 10

MERN Stack Authentication 0:37:22

MERN Stack Authentication with JWT Access, Refresh Tokens, Cookies

How to make 0:00:50

How to make Http Only Cookies Secure - Secure Http only Cookies

Stop using JSON 0:23:33

Stop using JSON Web Tokens. Use Cookies & Server Sessions instead

#4 |ReactJS(v18) | 0:11:51

#4 |ReactJS(v18) | JWT Auth HTTP Only Cookie | Protecting Routes And Logout Implementation

Authentication in React 0:23:45

Authentication in React with JWTs, Access & Refresh Tokens (Complete Tutorial)

Learn JWT in 0:10:20

Learn JWT in 10 Minutes with Express, Node, and Cookie Parser

React Persistent User 0:37:27

React Persistent User Login Authentication with JWT Tokens

Django & React 0:53:28

Django & React - JWT Authentication with Http-Only Cookie Part 1 - Backend

Eps 9. Django 0:06:07

Eps 9. Django React JWT Authentication Applying HTTP Only Cookie For Handling Refresh Token

Why HttpOnly Cookies 0:15:03

Why HttpOnly Cookies Are SAFER Than Local Storage! | Using HttpOnly Cookie With JWT .Net 6 API

HttpOnly Cookie in 0:00:41

HttpOnly Cookie in FastAPI Demo with Code

#3 |ReactJS(v18) | 0:24:06

#3 |ReactJS(v18) | JWT Auth HTTP Only Cookie | Axios Interceptor To Invoke Refresh Token Endpoint

Session vs Token 0:02:18

Session vs Token Authentication in 100 Seconds

LocalStorage was a 0:05:33

LocalStorage was a mistake...

Difference between cookies, 0:11:53

Difference between cookies, session and tokens

Securely Store Local 0:27:11

Securely Store Local Data in Apollo Client, React, and Apollo Server - Using HttpOnly Cookies

Next.js 13 jwt 0:25:30

Next.js 13 jwt authentication protected routes httpOnly cookie with App Directory

Комментарии
Автор

⚠️ In order to make your server read cookies, just use this property of req.cookies.cookieName

🗓️ 22 March 2022 :
One more thing that I didn't mentioned in this video that if you're working on prod/deployment environment then in order to make httponly cookie work make sure the base domain of API and frontend are the same eg. Google.com, fb.com, etc. Rest for samesite and cors, you can choose whatever subdomain as you like to keep frontend and API seperate.

I hope this clears up...

RahulAhire
Автор

The 4-5 days you spent were really useful. I was looking for this kind of solution to my JWT problem but was not able to find anything so detailed like this. Thanks a lot.

vinitgupta
Автор

Man thanks! I was searching a clear explanation like yours for days without any lucky and finally saw your video and it was exactly what I needed!.

adrianrobertoaguilarsandic
Автор

I skipped and skipped and skipped watching this video. And watched every other tutorial. Didn't get one bit. Finally gave in and watch this. Now things make sense and I actually understood how to implement it. Thank you.

gayatridevigovindarajula
Автор

Thank you. Excellent tutorial, after about 3 days of reading docs, messing with code, and watching videos... yours finally helped me set cookies from the backend using Cors/Express/Axios.

josephpetrie
Автор

ha, I was the one who contributed the "fire" animation to the VScode "Power Mode" extension you're using. First time I stumbled on a tutorial with someone using it and it makes me smile. :) nice tutorial btw!

AlanFregtman
Автор

Thanks a lot, Rahul, searched everywhere for a comprehensive tutorial on Nodejs HttpOnly Cookies but I couldn't find any until I stumbled on your tutorial. This has helped me a great deal. Thanks once again, You've earned a fan from Nigeria.

stanleyokonkwo
Автор

Kind'a being honest here, you deserve all the views and likes, this video, that explanation, I have been looking for it for like a year, thank you so so much

elvissautet
Автор

You just saved me from about 8 hours of debugging hell, I couldn’t figure out why the HTTPonly cookie wasn’t sending to the backend was because the cookie wasn’t being set in the first place in the browser. Thank you 🙏🏻

michaeltruong
Автор

I love you man! I've been trying to fix my code roughly and I failed; but with this video, I now understand perfectly. I'm now a subscriber! <3

anthonyezeh
Автор

Wonderful tutorial. Indepth, clear explanations👏🏾

danieladeneye
Автор

Hey friend, thank you very much for making this video, it was very helpful and with the sources you shared about dummy cookies I was able to create validations for protected routes on the client side, again thank you very much, greetings from Colombia.

jeisongarzon
Автор

This was really good, thank you!
Would love to see how you use cookies with JWT tokens && refresh tokens!

BenElferink
Автор

You saved my day I was working on my first MERN project and was banging my head for 6 hours but you saved me Thank you

hassanmehmood
Автор

Underrated video, deserves more attention. Nice job!

SyntheticProgramming
Автор

This video has to be the best one out there solved allll my fuking doubts which no site, no other video could solve. Thanks a ton brother!!!!

prateeksharma
Автор

Great video, thanks for taking the time to explain this in depth. I thought that http only cookies could still be accessed by the browser and couldn't understand why I would want to use it. But you cleared that up for me.

KojiKazama
Автор

GG bro, i've been try learn this jwt and how to store it on httponly cookies, i've been confused by many sites and many videos, but this one really helpful, even your comments is also helping me to get through other problem on my production as well, thanks a lot keep going!

MikliOktarianto
Автор

Great explanation about this complex topic, you help me to understand that very quickly, Thanks!

yerson
Автор

Great video mate. Lead me towards the right path. Hope you still making videos. Appreciate the banter too

tyronemguni