2019-10-25
3611
#node#react
Praveen Kumar
8649
Oct 25, 2019 ⋅ 12 min read

Creating a full-stack MERN app using JWT authentication: Part 4

Praveen Kumar Blogger, MVP, Web Developer, Computer Software and UX Architect.

Recent posts:

You're doing vibe coding wrong: Here's how to do it right. A LogRocket article

You’re doing vibe coding wrong: Here’s how to do it right

Vibe coding isn’t just AI-assisted chaos. Here’s how to avoid insecure, unreadable code and turn your “vibes” into real developer productivity.

Chizaram Ken
Oct 28, 2025 ⋅ 11 min read

Exploring spec-driven development with the new GitHub Spec Kit

GitHub SpecKit brings structure to AI-assisted coding with a spec-driven workflow. Learn how to build a consistent, React-based project guided by clear specs and plans.

Emmanuel John
Oct 28, 2025 ⋅ 7 min read

The different ways to use CSS :has(), with examples

The CSS :has() pseudo-class is a powerful new feature that lets you style parents, siblings, and more – writing cleaner, more dynamic CSS with less JavaScript.

Daniel Schwarz
Oct 24, 2025 ⋅ 7 min read

Kombai AI: The AI agent built for frontend development

Kombai AI converts Figma designs into clean, responsive frontend code. It helps developers build production-ready UIs faster while keeping design accuracy and code quality intact.

Jude Miracle
Oct 23, 2025 ⋅ 7 min read
View all posts

3 Replies to "Creating a full-stack MERN app using JWT authentication: Part 4"

  1. Storing the jwt acces token in browser’s localstorage opens a security issue in your web app. Instead, it is much better to send jwt in a httponly cookie. The authentication server sends the jwt in a cookie to the client. By doing this, the front end does not have to take care of jwt at all. The browse will send the cookie automatically to the site.
    Here is a good blog on this topic: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
    Transforming the jwt of cookie to authentication http header may be done by the target service or by infrastructure on its own e.g. by a proxy server of the service mesh.

  2. Hi Praveen. Great tutorial, really helped me get started with JWT.
    One question though.
    When the client connects to the page with JWT in local storage, shouldn’t we run a ValidateJWT to make sure nobody tampered with the web token?
    Maybe it’s on the tutorial, but I followed it once an my final front end did not include it. That may be because I already had a frontend tho, so I didn’t follow that part step-by-step.

    Anywyas, thank you!

Leave a Reply

Hey there, want to help make our blog better?

Join LogRocket’s Content Advisory Board. You’ll help inform the type of content we create and get access to exclusive meetups, social accreditation, and swag.

Sign up now