Why use localStorage instead of cookies for our JWT in Svelte

The common reason given for using httpOnly cookies rather than localStorage is XSS. These are super valid concerns: we don't want to lose our tokens!
So what can we do? Well, in this episode, I discuss why we use localStorage (cross domains, APIs, mobile apps) and how we navigate around it using AUDs and short token timeouts.
Discuss below! What do you think? Will AUDs work for you? If not, why not? Do you just need a single domain? Use cookies!
🤯 Support on Patreon
  • https://www.patreon.com/davidwparker

ā±ļø Timestamps:
  • 00:00 - Introduction
  • 00:40 - Readme
  • 01:35 - GitHub discussion on why using localStorage vs cookies
  • 03:10 - Demo
  • 04:00 - Nav changes
  • 04:20 - Settings changes
  • 05:28 - new stores
  • 05:45 - layout.svelte changes
  • 06:42 - sign in changes
  • 07:40 - helpers (browser detector and AUD builder)
  • 10:40 - Discuss! Do you think AUDs work for you?

💌 Newsletter:
  • https://www.programmingtil.com/

šŸŖElsewhere:
  • Twitter: https://t witter.com/davidwparker
  • Twitter: https://twitter.com/programmingtil
  • GitHub: https://github.com/davidwparker

Concepts:
  • localStorage vs Cookies for JWTs

📚 Resources:
  • https://github.com/davidwparker/programmingtil-svelte/tree/ep12
  • https://github.com/waiting-for-dev/devise-jwt/issues/126

🎬 Subscribe!
  • http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning to end.

#svelte #sapper

© programmingtil.com