2019-10-25
3611
#node#react
Praveen Kumar
8649
Oct 25, 2019 â‹… 12 min read

Creating a full-stack MERN app using JWT authentication: Part 4

Praveen Kumar Blogger, MVP, Web Developer, Computer Software and UX Architect.

Recent posts:

i tried kiro and here is what i learned

I tried out Kiro: Here’s what I learned

Check out Kiro, AWS’s AI-powered IDE, see what makes it different from other AI coding tools, and explore whether it lives up to the hype.

Elijah Asaolu
Aug 28, 2025 â‹… 5 min read
Go Design Pattern Article Image With Logo

Why Go design patterns still matter

Here’s how three design patterns solved our Go microservices scaling problems without sacrificing simplicity.

Peter Aideloje
Aug 28, 2025 â‹… 2 min read
how to protect your ai agent from prompt injection attacks

How to protect your AI agent from prompt injection attacks

Explore six principled design patterns (with real-world examples) to help you protect your LLM agents from prompt injection attacks.

Rosario De Chiara
Aug 27, 2025 â‹… 5 min read
Don’t Let AI Erase The Next Generation Of Dev Leaders

Don’t let AI erase the next generation of dev leaders

As AI tools take over more routine coding work, some companies are cutting early-career dev roles — a short-sighted move that could quietly erode the next generation of tech leaders if we aren’t careful.

Jack Herrington
Aug 26, 2025 â‹… 6 min read
View all posts

3 Replies to "Creating a full-stack MERN app using JWT authentication: Part 4"

  1. Storing the jwt acces token in browser’s localstorage opens a security issue in your web app. Instead, it is much better to send jwt in a httponly cookie. The authentication server sends the jwt in a cookie to the client. By doing this, the front end does not have to take care of jwt at all. The browse will send the cookie automatically to the site.
    Here is a good blog on this topic: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
    Transforming the jwt of cookie to authentication http header may be done by the target service or by infrastructure on its own e.g. by a proxy server of the service mesh.

  2. Hi Praveen. Great tutorial, really helped me get started with JWT.
    One question though.
    When the client connects to the page with JWT in local storage, shouldn’t we run a ValidateJWT to make sure nobody tampered with the web token?
    Maybe it’s on the tutorial, but I followed it once an my final front end did not include it. That may be because I already had a frontend tho, so I didn’t follow that part step-by-step.

    Anywyas, thank you!

Leave a Reply