How to use httpOnly secure cookies in Ruby on Rails with devise-jwt

While sending JWTs via the auth header may work for your application, sometimes it won't, and we need the extra protection against XSS that httpOnly cookies provide. In this episode, I explore how to set and use cookies instead of sending the JWT back in the response body (to be stored in localStorage), and explain the advantages and disadvantages of each.
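One way to check that a login response actually made the move from body token to hardened cookie, as an added example that is not code from the video or from devise-jwt-cookie. The cookie name `jwt`, the function names and the sample responses are assumptions constructed for illustration.

```ruby
# Added example, not from the video's code base. The cookie name "jwt" and the
# sample responses at the bottom are constructed for illustration.

# Split one Set-Cookie header value into name, value and lower-cased attributes.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip).reject(&:empty?)
  name, value = pair.to_s.split("=", 2)
  attributes = attrs.to_h do |attr|
    key, val = attr.split("=", 2)
    [key.downcase, val || true] # flag attributes such as HttpOnly carry no value
  end
  { name: name, value: value, attributes: attributes }
end

# Audit a login response: its Set-Cookie header values plus the response body.
def audit_login_response(set_cookie_headers, body, cookie_name: "jwt")
  cookie = set_cookie_headers.map { |h| parse_set_cookie(h) }
                             .find { |c| c[:name] == cookie_name }
  return ["no #{cookie_name} cookie set"] if cookie.nil?

  attrs = cookie[:attributes]
  findings = []
  findings << "missing HttpOnly: script can read the token via document.cookie" unless attrs["httponly"]
  findings << "missing Secure: token can be sent over plain HTTP" unless attrs["secure"]
  unless %w[lax strict].include?(attrs["samesite"].to_s.downcase)
    findings << "SameSite not set to Lax/Strict: cookie may ride on cross-site requests, so CSRF defenses are required"
  end
  if !cookie[:value].to_s.empty? && body.include?(cookie[:value])
    findings << "token also returned in the body, where script can still read and store it"
  end
  findings
end

# Constructed sample responses: the localStorage-style login and the cookie-based one.
TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl"
WEAK_HEADERS = ["jwt=#{TOKEN}; Path=/"].freeze
WEAK_BODY = %({"user":{"id":1},"token":"#{TOKEN}"})
HARDENED_HEADERS = ["jwt=#{TOKEN}; Path=/; HttpOnly; Secure; SameSite=Lax"].freeze
HARDENED_BODY = %({"user":{"id":1}})

if __FILE__ == $PROGRAM_NAME
  puts "weak:", audit_login_response(WEAK_HEADERS, WEAK_BODY)
  puts "hardened:", audit_login_response(HARDENED_HEADERS, HARDENED_BODY).inspect
end
```

The SameSite finding reflects the main trade-off of the cookie approach: the browser attaches the cookie automatically, so cross-site request forgery has to be handled where a header-based token would not need it.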

⏱️ Timestamps:
  • 00:00 - Introduction
  • 00:55 - README
  • 01:25 - devise-jwt-cookie
  • 02:40 - user and other changes required
  • 04:20 - other changes (non-cookie related)

  • Use httpOnly secure cookies instead of localStorage for our devise JWT tokens

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

#ruby #rails #rubyonrails