2019-10-25
3611
#node#react
Praveen Kumar
8649
Oct 25, 2019 â‹… 12 min read

Creating a full-stack MERN app using JWT authentication: Part 4

Praveen Kumar Blogger, MVP, Web Developer, Computer Software and UX Architect.

Recent posts:

​​How HTML’s Selectedcontent Element Improves Dropdowns

​​How HTML’s <selectedcontent> element improves dropdowns

is an experimental HTML element that gives developers control over how a selected option is displayed, using just HTML and CSS.

Temitope Oyedele
Jun 27, 2025 â‹… 6 min read
advanced caching in Node.js with Valkey

How to get faster data access in Node.js with Valkey

Learn how to implement an advanced caching layer in a Node.js app using Valkey, a high-performance, Redis-compatible in-memory datastore.

Muhammed Ali
Jun 27, 2025 â‹… 7 min read
how to properly handle rejected promises in TypeScript

How to properly handle rejected promises in TypeScript

Learn how to properly handle rejected promises in TypeScript using Angular, with tips for retry logic, typed results, and avoiding unhandled exceptions.

Lewis Cianci
Jun 26, 2025 â‹… 4 min read
Your AI Has Agency — Here’s How To Architect Its Frontend

Your AI has agency — here’s how to architect its frontend

AI’s not just following orders anymore. If you’re building the frontend, here’s how to design interfaces that actually understand your agent’s smarts.

Rosario De Chiara
Jun 25, 2025 â‹… 5 min read
View all posts

3 Replies to "Creating a full-stack MERN app using JWT authentication: Part 4"

  1. Storing the jwt acces token in browser’s localstorage opens a security issue in your web app. Instead, it is much better to send jwt in a httponly cookie. The authentication server sends the jwt in a cookie to the client. By doing this, the front end does not have to take care of jwt at all. The browse will send the cookie automatically to the site.
    Here is a good blog on this topic: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
    Transforming the jwt of cookie to authentication http header may be done by the target service or by infrastructure on its own e.g. by a proxy server of the service mesh.

  2. Hi Praveen. Great tutorial, really helped me get started with JWT.
    One question though.
    When the client connects to the page with JWT in local storage, shouldn’t we run a ValidateJWT to make sure nobody tampered with the web token?
    Maybe it’s on the tutorial, but I followed it once an my final front end did not include it. That may be because I already had a frontend tho, so I didn’t follow that part step-by-step.

    Anywyas, thank you!

Leave a Reply