This application is a simple login/signup/logout practice project, built partly to familiarize myself with using a kanban board. Feel free to clone this repo and develop it further for any use.
After working on a team as a frontend developer, I wanted to understand how a backend works and how the frontend communicates with it. So I built this login system as practice, to get a sense of what working on the backend side is like.
The frontend is built with the React library; the backend runs on Node.js with the Express framework and a MySQL database.
- Security versus keeping users logged in.
  - Problem: users are logged out after a page refresh.
  - Design choices:
    - Store the user's session data (the JWT and other user information) in localStorage or sessionStorage.
      - This prevents CSRF attacks but is vulnerable to XSS, according to this Stack Overflow post; the details are in this answer from the same post.
    - I chose to store the session data in a cookie and refresh the token every 30 seconds, to prevent the token from being stolen and to keep users logged in.