Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Using Cookies and JWTs for Secure Authentication

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Using Cookies for Authentication

3:01 with Alena Holligan

We're ready to switch our authentication from sessions to our new cookies.

This video doesn't have any notes.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Now we're ready to use this new decodeAuthCookie. 0:00
    Let's start at the top. 0:05
    For the return, we want to use decodeAuthCookie and 0:09
    the auth_Logged_in. 0:15
    We no longer need the session, so we can remove that. 0:20
    Next, We 0:26
    can remove the session. 0:33
    And do decodeAuthCookie, 0:40
    and pass the auth_roles. 0:44
    And again, for the owner, we pass decodeAuthCookie. 0:53
    And pass the auth_user_id, and getAuthenticatedUser. 1:01
    We'll once again pass decodeAuthCookie with the auth_user_id. 1:06
    And we no longer need this session here or here. 1:15
    For our saveUserData, we no longer to set this session 1:22
    with the auth_logged_in information. 1:27
    We do need this session for our flashback. 1:30
    In our doLogout, we can also remove our sessions. 1:35
    Let's go back to the browser and give our system a try one more time, 1:41
    logging out and back in. 1:46
    On our isAuthenticated instead of passing auth_Logged_in, 2:04
    we're just going to try to decodeAuthCookie. 2:08
    Let's try logging back in. 2:14
    And great. 2:21
    And everything still works. 2:30
    We've changed our authentication to use cookies instead of sessions, 2:37
    this helps us limit script access. 2:41
    By using the inspector we can see that the cookie value is pretty easy to read. 2:44
    This is especially dangerous on a shared computer or an insecure network. 2:49
    To make sure this is more secure, in the next session, 2:55
    we'll encode the user data as a JSON web token. 2:58

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up