Why use localStorage instead of cookies for our JWT in Svelte

Описание: NOTE!!! We'll be getting to using a httpOnly secure cookie a few episodes.

The common explanation for using cookies and httpOnly rather than localStorage is due to XSS issues. These are super valid concerns- we don't want to lose our tokens!

So what can we do? Well, in this episode, I discuss why we use localStorage (cross domains, APIs, mobile apps) and how we navigate around it using AUDs and short token timeouts.

Discuss below! What do you think? Will AUDs work for you? If not, why not? Do you just need to support just a single domain? Then you should definitely use cookies!

🤯 Support on Patreon
  / davidwparker  
https://www.buymeacoffee.com/davidwpa...

⏱️ Timestamps:
00:00 - Introduction
00:40 - Readme
01:35 - Github discussion on why using localStorage vs cookies
03:10 - Demo
04:00 - Nav changes
04:20 - Settings changes
05:28 - new stores
05:45 - _layout.svelte changes
06:42 - sign in changes
07:40 - helpers (browser detector and AUD builder)
10:40 - Discuss! Do you think AUDs work for you?

💌 Newsletter:
https://www.programmingtil.com/

🪐Elsewhere:
Twitter:   / davidwparker  
Twitter:   / programmingtil  
GitHub: https://github.com/davidwparker

💭Concepts:
localStorage vs Cookies for JWTs

📚Resources:
https://github.com/davidwparker/progr...
https://github.com/waiting-for-dev/de...

🎬 Subscribe!
http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

#svelte #sapper