Hi, Thanks very much for your response. Excellent question. Yes. Things are stored at both client- and server-side. Moving token-management to the server-side requires a http-session. This means at… - Albert Starreveld

thanks for the article Albert, but, it would nicer if you explained a bit more about if using this…

刘加瑞

Aug 26

Hi,

Thanks very much for your response. Excellent question.

Yes. Things are stored at both client- and server-side.

Moving token-management to the server-side requires a http-session. This means at the client side, cookies are required to make this work. At the server side, variables are stored either in memory, or in case of a distributed app, encrypted session state is stored in Redis cache.

The key difference here, conceptually, is that token management is only entrusted to trusted resources in your (secure) network instead of the user's laptop which should be considered compromised by default. To make this as secure as possible, it would be smart to harden that network and the resources.

Hope this answers your question?

Cheers,

Written by Albert Starreveld

724 Followers

Passionate about cloud native software development. Only by sharing knowledge and code we can take software development to the next level!

More from Albert Starreveld

Why you shouldn’t use access tokens in your front-end any more

Albert Starreveld

Why you shouldn’t use access tokens in your front-end any more

And how to move authentication to the server-side

4 min readMay 25

Albert Starreveld
in
The Web Application Security Hub

Implementing API Authorization with ASP.NET Core and OAuth2

OAuth2 and OpenID Connect (OIDC) protocols are robust and reliable solutions for establishing secure access control and verifying…

4 min readAug 2

Set up a SPA+BFF with ASP.NET Core and angular in 3 steps

Albert Starreveld

Set up a SPA+BFF with ASP.NET Core and angular in 3 steps

Moving authentication from the front-end to the back-end seems to have a significant impact. Especially, because there is limited…

6 min readJun 14

Eliminating Mapping and Redundant Validation in Domain-Centric APIs with JsonConverters and…

Albert Starreveld

Eliminating Mapping and Redundant Validation in Domain-Centric APIs with JsonConverters and…

Numerous applications are designed adhering to the principles of Clean Architecture and Domain-Driven Design (DDD). They have a rich domain…

6 min readJul 12

See all from Albert Starreveld

Recommended from Medium

An AI-generated image of a man radiating vibrant energy and calm after his morning routine

Neeramitra Reddy
in
Better Humans

The Most Powerful Morning Routine I’ve Found After 3+ Years of Experimenting

A realistic, science-based, customizable, and aggressively self-tested morning system

18 min readSep 19

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

AL Anany

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

It never happens instantly. The business game is longer than you know.

6 min readSep 1

298

Lists

Staff Picks

456 stories299 saves

Stories to Help You Level-Up at Work

19 stories226 saves

Self-Improvement 101

20 stories612 saves

Productivity 101

20 stories567 saves

Shawhin Talebi
in
Towards Data Science

How to Build an LLM from Scratch

Data Curation, Transformers, Training at Scale, and Model Evaluation

16 min read5 days ago

Nick Wignall

4 Mindsets of Highly Disciplined People

#3: Less but better

7 min read3 days ago

10 Seconds That Ended My 20 Year Marriage

Unbecoming

10 Seconds That Ended My 20 Year Marriage

It’s August in Northern Virginia, hot and humid. I still haven’t showered from my morning trail run. I’m wearing my stay-at-home mom…

4 min readFeb 16, 2022

945

These 14 Small Mindset Shifts Will Change Your Life

Ryan Holiday

These 14 Small Mindset Shifts Will Change Your Life

For the most part, we can’t change the world. We can’t change the fundamental facts of existence–like the fact that we’re going to die. We…

9 min read6 days ago

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams