Getting Started with JWTs, Session Management, and cookies...
Alex Moon
I’ll admit it…I’ve made it this far in my career and never really had to deal with authentication. The one project I worked on that had authentication I did not design or build anything…I just relied (probably for the worse) on co-workers.
For this blog and another blog I’m building I rely on WordPress as a back-end. I’m looking to use the WordPress comment system to enable comments. This may require some authentication of users so I decided to dive in…and wow is this a deep one.
I will probably write up a final solution (if I create one) but for now here are some great resources I’ve found.
JWTs
- https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/
- https://supertokens.io/blog/are-you-using-jwts-for-user-sessions-in-the-correct-way
Session Management
- https://supertokens.io/blog/all-you-need-to-know-about-user-session-security
- https://supertokens.io/blog/the-best-way-to-securely-manage-user-sessions