Auth Class 3

The header is the most secure way compared to the others, but we have to follow its syntax exactly: key -> "Authorization" and value -> "Bearer " followed by the token (note the space after Bearer).


A token passed in the body is less secure;
avoid doing this.

HW: why is a bearer token more secure?
(cookie hijacking and token hijacking)
https://chatgpt.com/share/6784be42-3904-8006-ae19-0009ed309190


A protected route is used for authentication and also for authorization.


How do we send the token practically?

1. cookie :- req.cookies.token      But for this there is a prerequisite: you have to install and mount cookie-parser,
then only it will run (res.cookie() is what sets the cookie on the response side).

2. body :-  req.body.token     But for this there is also a prerequisite: you have to mount a body parser (like express.json())


In the method below you have to give a space after Bearer       -- > syntax matters

3. Header method :- there are 2 ways of doing this: i. Raw method: header key Authorization, value the token (with the Bearer prefix)
ii. In the Authorization tab there is a drop-down option called Bearer Token; you can use that


Like cookies we also have the session concept,
but the only difference is that a session is stored on the server
and a cookie is stored on the client side.


Cookies vs sessions: GPT's response

Cookies and sessions are both methods used to store data about a user, but they differ in several key ways:

1. Storage Location:

  • Cookies: Stored on the client-side (i.e., in the user's browser). The browser sends cookies with every HTTP request to the server.
  • Session: Stored on the server-side. The browser only sends the session ID (usually stored in a cookie) to the server, and the actual session data is kept on the server.

2. Data Size:

  • Cookies: Have a size limitation (typically around 4KB), meaning only small pieces of data can be stored.
  • Session: Can store larger amounts of data since the data is stored on the server and is not limited by client-side constraints.

3. Security:

  • Cookies: Less secure, as they reside on the user's machine and can be manipulated or intercepted if not properly protected (e.g., using secure and HTTP-only flags).
  • Session: More secure, as data is stored on the server and not directly accessible to the client. Only the session ID is shared between the server and the client.

4. Expiration:

  • Cookies: Can be set to expire after a certain time (e.g., after one day, one month, etc.), or can last for the duration of the browser session if no expiration is set.
  • Session: Typically expire when the user closes the browser or after a set inactivity period. However, servers can configure sessions to persist longer if needed.

5. Use Cases:

  • Cookies: Useful for persisting small bits of data like user preferences, remember-me functionality, and lightweight client-side data.
  • Session: Used to store sensitive data like user authentication, cart information, or other temporary data that should not be exposed to the client.

6. Speed:

  • Cookies: Accessing cookies is faster since they are stored on the client-side and don't require a round trip to the server, but they are sent with every HTTP request, potentially slowing down large-scale applications.
  • Session: Requires server-side access, so it might be slightly slower in terms of lookup but is more efficient for storing larger and sensitive data.

Summary:

  • Cookies are stored on the client and are best suited for small, non-sensitive data, while sessions store data on the server and are ideal for sensitive or larger-scale data that requires security.

Would you like a practical example of how to use cookies and sessions in code?
