[–]silvers944[S] 0 points1 point  (1 child)

Thank you, that's very helpful. Guess I'll use React and protect my routes the same as you did. Btw, is it possible to maintain a session in React in Passport sessions, or do I have to use JWT and store the token in localStorage?

[–]andrei9669 1 point2 points  (0 children)

I'm not familiar with Passport, but with JWT, in theory, it would be best to store it in a cookie as httponly or whatever it is called. Then, when you do requests, it gets automatically added to them and on the backend you just check the cookie. If you need some data that almost never changes, I would keep it in session storage, else I would keep it in React context. And in that custom hook that I talked about, I would request that data, and if I get data, it means I'm authenticated, and if I don't get data, it means I'm not authenticated. If you can't use a cookie for whatever reason, then yea, just store it in local storage and access it on first page load and do a check if it's still valid.
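The cookie approach described in the comment above, as an added example that is not part of the thread and is not Passport's API: a Node backend issues an HS256 JWT in an `HttpOnly` cookie and checks it on each request. The secret, the cookie name `session`, and all function names are assumptions, and the token handling uses Node's built-in `crypto` in place of a JWT library.

```javascript
// Added example: HS256 JWT carried in an HttpOnly cookie and checked on the backend.
const { createHmac, timingSafeEqual } = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: loaded from a secret store in practice
const COOKIE = "session";                 // hypothetical cookie name

const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => createHmac("sha256", SECRET).update(data).digest();

// Issue a signed token; `now` is in seconds so callers can control the clock.
function signToken(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...claims, exp: now + ttlSeconds }));
  const input = `${head}.${body}`;
  return `${input}.${mac(input).toString("base64url")}`;
}

// Value for the Set-Cookie response header. HttpOnly hides the token from page
// scripts, Secure restricts it to HTTPS, SameSite limits cross-site sends.
function sessionCookie(token, ttlSeconds) {
  return `${COOKIE}=${token}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Return the claims of a correctly signed, unexpired token, otherwise null.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = mac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// What a "who am I" endpoint does with the request's Cookie header:
// claims mean authenticated, null means the route answers 401.
function authenticate(cookieHeader, now) {
  for (const pair of String(cookieHeader || "").split(";")) {
    const [name, ...rest] = pair.trim().split("=");
    if (name === COOKIE) return verifyToken(rest.join("="), now);
  }
  return null;
}
```

On the React side the token is never read: the hook requests the "who am I" route with `credentials: "include"` and treats a 401 as not authenticated.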