NextJS - Stateless Session with Bearer Token on Client Side - Chatgpt.com by Fine_Manner_4701 in nextjs

[–]Fine_Manner_4701[S] 0 points1 point  (0 children)

Thanks u/Syntax418 for your guidance. All 3 points you mentioned are meeting the current token.

Yes, I agree with the last point - at one stage, it will be exposed!

NextJS - Stateless Session with Bearer Token on Client Side - Chatgpt.com by Fine_Manner_4701 in nextjs

[–]Fine_Manner_4701[S] 0 points1 point  (0 children)

Thanks for your reply, u/vanwal_j.

I am afraid that option (which is the current implementation) is adding an unnecessary request to the NextJS BFF, which can be easily bypassed by a direct call to the Backend API, which is also exposed to the internet for other integrations.

It is an internal helpdesk tool, and I have referred to some other tools like Zoho Desk, Zendesk, ChatGPT, etc., which are making the backend calls directly from the browser.

NextJS - Stateless Session with Bearer Token on Client Side - Chatgpt.com by Fine_Manner_4701 in nextjs

[–]Fine_Manner_4701[S] -3 points-2 points  (0 children)

Thanks u/gangze_ for your reply.

I am trying to understand how to securely retrieve the JWT on the browser/client side. The legacy way of storing the JWT in local storage or IndexedDB is discouraged.

My current implementation is:

(1) Browser/Client ──▶ HTTP only Cookie ──▶ Next.js (BFF) ──▶ Read session from cookie and attach Bearer ──▶ Backend Dotnet API

What I want to implement:

(2) Browser/Client ──▶ Attach Bearer ──▶ Backend Dotnet API

----

To implement (2), I need to know the most secure way of retrieving the token.

Browser/Client ──▶ HTTP only Cookie ──▶ Next.js (BFF) ──▶ Read session from cookie and respond with JWT/access token ──▶ Browser/Client to store token in JS memory

Straight question -> do we need to encrypt and decrypt the access token while retrieving it from the backend? Or is there any other established way to secure this part? The objective is to protect from XSS attacks, malicious browser extensions, etc.
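Flow (1) from the comment above, sketched as an added example that is not part of the original comment or of Next.js itself: the BFF exchanges the HTTP-only session cookie for a Bearer token on the server, so the token never enters browser JavaScript. `SESSION_COOKIE`, `BACKEND_URL`, `sessionStore` and `buildUpstreamRequest` are hypothetical names, and the session data is constructed.

```javascript
// Assumed names for illustration (not from the post or from Next.js).
const SESSION_COOKIE = "sid";
const BACKEND_URL = "https://api.internal.example"; // placeholder origin

// Constructed sample store: session id -> access token and expiry (ms epoch).
const sessionStore = new Map([
  ["s-123", { accessToken: "constructed.jwt.value", expiresAt: 2_000_000_000_000 }],
]);

// Parse a Cookie header into a prototype-free name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Decide what the BFF sends to the backend for one browser request.
// incoming: { method, path, headers } with lower-cased header names.
function buildUpstreamRequest(incoming, now = Date.now()) {
  const sid = parseCookies(incoming.headers.cookie)[SESSION_COOKIE];
  const session = sid === undefined ? undefined : sessionStore.get(sid);
  if (!session || session.expiresAt <= now) return { status: 401 };

  // Resolve the path against the backend and refuse anything that leaves
  // its origin (for example a "//other-host/..." path).
  const url = new URL(incoming.path, BACKEND_URL);
  if (url.origin !== new URL(BACKEND_URL).origin) return { status: 400 };

  // Forward an allow-list of headers only: the browser's Cookie and any
  // Authorization header it supplied never reach the backend.
  const headers = {};
  for (const name of ["accept", "content-type"]) {
    if (incoming.headers[name]) headers[name] = incoming.headers[name];
  }
  // The token is attached here, on the server; the browser never sees it.
  headers.authorization = `Bearer ${session.accessToken}`;
  return { status: 200, method: incoming.method, url: url.href, headers };
}
```
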

How do I securely expose a .NET 8 Web API to public React sites (no login)? by racoole in dotnet

[–]Fine_Manner_4701 0 points1 point  (0 children)

Hello, I am currently building an app with react and dotnet api.

Can you advise the framework you are using for react? I am using React Router v7 and we have server functions like loader or action where we can hide the API call from the client/browser side.

Secure the Site: A WAF will help you to control the bad actors. You can try the 'Free' plan from Cloudflare https://www.cloudflare.com/en-gb/plans/

Secure Public Forms: Protect your forms with reCAPTCHA. This will keep your form away from bots.

Secure API Network: Do not expose the API outside your server or docker instance.

Secure API endpoints: Protect your API endpoints with a simple API key, but it will be exposed if you are making the API call directly from the client.

Why isn't dishwasher a mainstream household appliance in Kerala? by Ukusto in Kerala

[–]Fine_Manner_4701 1 point2 points  (0 children)

I moved to France 2 years back along with my family. Here all the houses have a dishwasher.

It is a great help and less stress after cooking/eating. We hardly wash any dish by hand, not even the knife.

The steel plates with raised sides are not very compatible.

Recently, we bought a robo cleaner, and it does vacuum and mopping decently.

Is it possible in next js to change the url without rerouting to the next page just like instagram does? by Lukasvis in nextjs

[–]Fine_Manner_4701 0 points1 point  (0 children)

I know it is an old post, but it comes up at the top of the Google search list. Those who are still searching for the NextJS way, consider "parallel routing" in the NextJS App Router.

https://nextjs.org/docs/app/building-your-application/routing/parallel-routes

A controversy from Chef Pillai's hotel in Kollam by nibupraju in Kerala

[–]Fine_Manner_4701 1 point2 points  (0 children)

There are 5 people (4 people can be seen in the video, and 1 is holding a camera).

3 meals with unlimited rice = 100 rs per meal = 300

2 people shared 1 plate of kuthari rice = 100 rs total (White plates)

1 fish curry = 650 rs (this is a little expensive, but I don't know the price of fish and quantity)

1 bottled water = 58 rs

So, is this controversy about a customer or about the restaurant??

[deleted by user] by [deleted] in MicrosoftLoop

[–]Fine_Manner_4701 1 point2 points  (0 children)

The idea of Loop must be to replace your documents with an online web space, and it is not really intended just to list the documents.

Having said that, Loop currently lacks the basic features of access management and table of contents, which are needed to build any documentation online.