Including user accounts
As we want users to be able to log into our app, we will need to authenticate that the client is who they claim to be. Thereafter, we need to ensure that each user only gets to see their own to-dos. Authentication is typically achieved by the user entering a username and password, which are then checked against stored versions.
We will need to authenticate every request the user makes to the backend; however, we ideally only want the user to enter their username and password once (until they log out). We can achieve this by saving information to a cookie when the user logs in, as the browser will then send us the cookie with every request.
We will need to save a piece of identifying information to the cookie when the user logs in and starts the session; for example, their user ID. We can then read the cookie on every request and identify which user it is. However, cookies can be edited or faked by the client, so we need to ensure that the information in the cookie...
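
An added example, not code from the original page: the text is cut off before it says how the cookie is protected, so this assumes one common approach, an HMAC tag over the user ID computed with a key only the server holds. The function names, the key and the to-do data are constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real app loads a random secret from its config.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 so it fits in a cookie value."""
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_session_cookie(user_id: int) -> str:
    """Cookie value set at login: '<user_id>.<tag>'. The ID is readable, not secret."""
    payload = str(user_id)
    return f"{payload}.{_tag(payload)}"


def read_session_cookie(cookie: str) -> int | None:
    """Return the user ID for a request, or None if the cookie was edited or faked."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not (payload.isascii() and payload.isdigit()):
        return None  # missing tag or malformed ID
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    return int(payload)


def todos_for_request(cookie: str, todos: dict[int, list[str]]) -> list[str] | None:
    """Authorize the request: only the to-dos of the verified user are returned."""
    user_id = read_session_cookie(cookie)
    if user_id is None:
        return None  # treat as not logged in
    return todos.get(user_id, [])


if __name__ == "__main__":
    store = {42: ["buy milk"], 43: ["renew passport"]}  # constructed sample data
    cookie = make_session_cookie(42)
    forged = "43." + cookie.split(".", 1)[1]  # client swaps the ID, keeps the old tag
    print(todos_for_request(cookie, store))   # user 42's own to-dos
    print(todos_for_request(forged, store))   # rejected: tag does not match ID 43
```

The tag only protects integrity: the user ID in the cookie remains visible to the client.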