Cookies #29
We sorta decided between them for this project. In my mind it was JWT vs. cookies, but then we ended up storing the JWT as a cookie anyway - is it best practice to store JWT cookies using hapi-auth-cookie then? We've still not fully wrapped our heads round JWTs tbh!
also still wrapping my head around this, but... the hapi auth cookie is automatically encrypted and so is more secure. Hapi auth cookie is more for authentication (checking if this is a valid user, who is really logged in). The other cookie might be for other stuff (tracking users, or whatever. cookies are used in lots of different ways.) Confusingly, you don't need to store JWTs in a cookie at all, there are other ways to store it.
don't take my word for any of this though. sorry, i'm probs not being very helpful! 😬
No that makes sense, thanks! I'll probably do a bit more reading on this in reading week...
I think https://github.com/hapijs/hapi-auth-cookie is more secure than the standard hapi cookies that you are using.
Is there a reason why you didn't use this module? (other than lack of time or whatever...)