Summary
In this chapter, we introduced the process of authentication and saw how it usually works. Authentication can be of two types: session-based or token-based. Session-based authentication is also called simple authentication, where a session is created when the client successfully logs in. That session is saved on the client and supplied with each and every request. There are two possible cases here. In the first case, the session is saved in the server's program memory. This kind of session is cleared when the application restarts. The second case is to save the session cookie in Redis. Redis is an in-memory database that can act as a cache for any web application. Redis supports storing a few data types such as string, list, hash, and so on. We explored a package called redistore that replaces the built-in sessions package for persisting the session cookies.
Next, we looked at JWT. A JWT is a token string that is the output of performing a few steps. First...