TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.
If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)
A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/
The reason to avoid JWTs comes down to a couple different points:
- The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
| <html> | |
| <body> | |
| <h1>I feel lonely</h1> | |
| <script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script> | |
| <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/socket.io/0.9.16/socket.io.min.js"></script> | |
| <script type="text/javascript" charset="utf-8"> | |
| var socket = io.connect('http://' + document.domain + ':' + location.port); | |
| socket.on('connect', function() { | |
| socket.emit('connected'); |
| <?php | |
| // Licence: WTFPL ! http://www.wtfpl.net/about/ | |
| $fbAuth = array("facebook_id" => "123456789", "facebook_token" => "<Use charles proxy to do man-in-middle SSL sniffing and extract fb token>"); | |
| // Do the magic. | |
| $tinderToken = tinderCall("auth", "token", $fbAuth); // Authenticate | |
| $authToken = "X-Auth-Token: $tinderToken\r\nAuthorization: Token token=\"$tinderToken\"\r\n"; |
(by @andrestaltz)
If you prefer to watch video tutorials with live-coding, then check out this series I recorded with the same contents as in this article: Egghead.io - Introduction to Reactive Programming.
| git clean -xfd | |
| git submodule foreach --recursive git clean -xfd | |
| git reset --hard | |
| git submodule foreach --recursive git reset --hard | |
| git submodule update --init --recursive |
IE9, IE10, and IE11 don't properly scale SVG files added with img tags when viewBox, width and height attributes are specified. View this codepen on the different browsers.
Image heights will not scale when the images are inside containers narrower than image widths. This can be resolved in 2 ways.
As per this answer on Stackoverflow, the issue can be resolved by removing just the width and height attributes.
| // original from http://guid.us/GUID/JavaScript | |
| function S4() { | |
| return (((1+Math.random())*0x10000)|0).toString(16).substring(1); | |
| } | |
| function generateGuid() { | |
| return (S4() + S4() + "-" + S4() + "-4" + S4().substr(0,3) + "-" + S4() + "-" + S4() + S4() + S4()).toLowerCase(); | |
| } |
| var parser = document.createElement('a'); | |
| parser.href = "http://example.com:3000/pathname/?search=test#hash"; | |
| parser.protocol; // => "http:" | |
| parser.hostname; // => "example.com" | |
| parser.port; // => "3000" | |
| parser.pathname; // => "/pathname/" | |
| parser.search; // => "?search=test" | |
| parser.hash; // => "#hash" | |
| parser.host; // => "example.com:3000" |