|
|
|
|
|
|
by pawelgrzybek
2729 days ago
|
|
|
I agree with everything on this list apart from using cookies instead of JWT, but I am not going to elaborate on this one because lots of people already pointed it out. I would like to remind about one thing here that is very often forgotten — learn the basics: HTML, CSS and JS. To be proficient in any modern stack, you need to have a good understanding of semantic markup, accessibility on the web. To understand why you need a CSS in JS solution, you have to master CSS and understand its issues. Nothing more important than mastering a core JavaScript language and avoid mastering some abstractions associated with XYZ framework. |
|
|
If there’s any meaningful reason use JWT, it would probably be helpful to articulate it for people.
(I would myself, but I consider JWT to be actively harmful to scaling and security in most implementations (specifically global server side refresh token stores which act as a single point of failure), poorly understood and generally speaking inferior to cookies in almost every respect... but necessary, in some, limited circumstances... but if you have any actual, non hand wavey reason why they’re useful for a general, single domain site, I’d be interested to hear why)