Why use localStorage instead of cookies for our JWT in Svelte

The common explanation for using cookies and httpOnly rather than localStorage is due to XSS issues. These are super valid concerns- we don't want to lose our tokens!
So what can we do? Well, in this episode, I discuss why we use localStorage (cross domains, APIs, mobile apps) and how we navigate around it using AUDs and short token timeouts.
Discuss below! What do you think? Will AUDs work for you? If not, why not? Do you just need a single domain? Use cookies!
🤯 Support on Patreon
  • https://www.patreon.com/davidwparker

⏱️ Timestamps:
  • 00:00 - Introduction
  • 00:40 - Readme
  • 01:35 - Github discussion on why using localStorage vs cookies
  • 03:10 - Demo
  • 04:00 - Nav changes
  • 04:20 - Settings changes
  • 05:28 - new stores
  • 05:45 - layout.svelte changes
  • 06:42 - sign in changes
  • 07:40 - helpers (browser detector and AUD builder)
  • 10:40 - Discuss! Do you think AUDs work for you?

💌 Newsletter:
  • https://www.programmingtil.com/

🪐Elsewhere:
  • Twitter: https://t witter.com/davidwparker
  • Twitter: https://twitter.com/programmingtil
  • GitHub: https://github.com/davidwparker

��Concepts:
  • localStorage vs Cookies for JWTs

📚Resources:
  • https://github.com/davidwparker/programmingtil-svelte/tree/ep12
  • https://github.com/waiting-for-dev/devise-jwt/issues/126

🎬 Subscribe!
  • http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

svelte #sapper

© programmingtil.com