New Discussion

Notifications

You’re not receiving notifications from this thread.

JSON Web Tokens (JWT) vs Rails Session Cookies Discussion

8
General
Nick Nick

Nice work Chris (and getting these prepared over the Holiday season), very keen for the implementation video!

Carlos Orellana Carlos Orellana

Great material. Can't wait for the implementation using JWT.

Cheers

Masud Rana Hossain Masud Rana Hossain

Loving these advanced topics! Keepem coming, Chris!

victor hazbun victor hazbun

Please tell us how to deal correctly with JWT and expirations, lets say the user is admin but on the server side it changes, the user still have admin permissions in the front end, and that could break your back end, what should we do in this scenario? (ActionCable maybe?)

Alex Popov Alex Popov

Excellent general overview of JWT vs session. Can't wait for the hands-on with JWT.

Xiaohong, Deng Xiaohong, Deng

With a JWT, server will always think you are logged out. Why is that? Just because it has to be manually included in the header by ourselves? I'm confused.

"So the server would always think that you're logged out, it will never let you do anything malicious via a bad URL or something like that. "

Chris Oliver Chris Oliver

Correct. The server doesn't have a clue who you are unless you give them a JWT or a session cookie. Your browser automatically sends cookies over in every request so it makes things easy that way. With JWTs, every request your code makes to the server must manually include it.

Xiaohong, Deng Xiaohong, Deng

the second half of the video is really hard to understand for me.

NG DAVID NG DAVID

Nice works

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 88,275+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.