Hi, while you're welcome to post here, this is not a general forum for Node. It's the community forum for NodeBB, a Node.js based forum software.
You'll probably have better luck with your question on StackOverflow or Reddit.
While browsing the 'net, I found a neat little IETF draft standard called JWT (JSON Web Tokens).
Basically, the idea is that instead of having sessions on the server and a cookie to match an HTTP request to one of those sessions, one or more claims (i.e. user ID or admin status) are stored in a JSON object which is then signed by the server (currently through either HMAC, RSA or ECDSA).
The client then stores this in usually either localStorage or sessionStorage and sends it along in an HTTP header with any request requiring authorization.
For example:
{ 'userId': 47 }
and send it to the client
Authorization HTTP header
Authorization header with their own secret/key and if it's OK, uses the data from the JWT in the processing of the request
userID of 47 is used as creator of the topic)
Pros of JWT:
Cons:
There might be more cons & pros, I am neither good nor experienced enough to fully understand everything
("everything" is a lot though, I do have trouble with way less than that anyway, don't take my words for granted, do your own research, etc. etc. you know the drill)
Some links:
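Added example, not part of the original post: the sign-then-verify flow described above, done with an HMAC (HS256) using only Node's built-in `crypto` module. The function names, the demo secret, the `Bearer` scheme in the `Authorization` header and the `iat`/`exp` lifetime claims are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed demo secret; a real deployment loads a long random key from configuration.
const SECRET = 'constructed-demo-secret';

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (signingInput, secret) =>
  crypto.createHmac('sha256', secret).update(signingInput).digest();

// Server side: sign the claims (e.g. { userId: 47 }) and hand the token to the client.
function signJwt(claims, secret, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Server side: check the value of "Authorization: Bearer <token>".
// Returns the claims, or null if the token must not be trusted.
function verifyAuthorizationHeader(headerValue, secret) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!match) return null;
  const [, header, payload, sig] = match;
  try {
    // Pin the algorithm: the token never gets to choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    // A valid signature does not limit lifetime, so expiry is checked separately.
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Demo: a token for user 47 round-trips through the Authorization header.
const demoToken = signJwt({ userId: 47 }, SECRET);
console.log(verifyAuthorizationHeader(`Bearer ${demoToken}`, SECRET));
```

The payload is only base64url-encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.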