2019-10-25
3611
#node#react
Praveen Kumar
8649
Oct 25, 2019 â‹… 12 min read

Creating a full-stack MERN app using JWT authentication: Part 4

Praveen Kumar Blogger, MVP, Web Developer, Computer Software and UX Architect.

Recent posts:

next js environmental variables

How to configure Next.js environmental variables

Learn how to manage environment variables in Next.js, which influence how an application behaves in different contexts and environments.

Joseph Mawa
Apr 25, 2025 â‹… 9 min read
useActionState in React

useActionState in React: A practical guide with examples

Discover how React’s useActionState Hook makes it easier to handle user actions, especially form submissions and async state changes.

Rishi Purwar
Apr 25, 2025 â‹… 5 min read
three js vs babylon js

Three.js vs. Babylon.js: Which is better for 3D web development?

Compare two libraries that support creating 3D experiences in the browser. Learn how to get started with each, their core features, and key differences.

Elijah Asaolu
Apr 24, 2025 â‹… 7 min read
how to use the Next.js Image component to optimize images

How to use the Next.js Image component to optimize images

Explore automatic image optimization using Next Image, the built-in image optimization solution for Next.js.

Adebiyi Adedotun
Apr 23, 2025 â‹… 7 min read
View all posts

3 Replies to "Creating a full-stack MERN app using JWT authentication: Part 4"

  1. Storing the jwt acces token in browser’s localstorage opens a security issue in your web app. Instead, it is much better to send jwt in a httponly cookie. The authentication server sends the jwt in a cookie to the client. By doing this, the front end does not have to take care of jwt at all. The browse will send the cookie automatically to the site.
    Here is a good blog on this topic: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
    Transforming the jwt of cookie to authentication http header may be done by the target service or by infrastructure on its own e.g. by a proxy server of the service mesh.

  2. Hi Praveen. Great tutorial, really helped me get started with JWT.
    One question though.
    When the client connects to the page with JWT in local storage, shouldn’t we run a ValidateJWT to make sure nobody tampered with the web token?
    Maybe it’s on the tutorial, but I followed it once an my final front end did not include it. That may be because I already had a frontend tho, so I didn’t follow that part step-by-step.

    Anywyas, thank you!

Leave a Reply