I love your teaching style. One thing if you add to make it cherry on the top is show real life examples

Great explanation Piyush, I am thrilled to see this video because you explained it more clearly and easily understandable 👏

Interesting video. I do have a couple of questions though. The arguement of being token stolen seems like an unfair one since that could happen to cookies as well. Though there are some scenarios where sessions aren't just a valid answer for example mobile apps. Usually in mobile apps you can't really rely on sessions being persisted and can't expect the users to login in over and over again. On the other hand session based authentication works really well for the web apps. Ofcourse if you work in development professionally, you will need to implement both a lot of times with consistent behaviour. This is a good introduction for beginners though but it would be great if it was mentioned that there were more advanced forms of authentication methods and links to the documentation would have been a massive plus.

Awesome explanation.. One of the best video I ever seen for token and sessions..

The Easiest explanation of all times!

Bhai you deserve many more subscribers. Such a simple yet comprehensive explanation.

Mind Blowing Video Piyush sir....

Lovely Lecture ❤❤ , Cleared All my doubts about Authetication Process , Token Vs Session Based , Stateless vs State fulll. Saw your another lecture on SSO. Cleared all doubts on that Topic also .

I am saying this very honestly.. what a explanation!🔥🔥

Keep continuing this hard work bro🔥🔥

But token can only be generated when credentials are correct and it can only be leaked from user itself 🤔

I think for improving security we can save the jwt token in cookies instead of local storage.

Very Effective explanation. but does server stores the secret key string in its database and the respective hash function, that means its still using memory for decoding the specific user from the token? i don't understand how can it be a advantage.

serverless can be durable as well, such as azure durable functions

Perfectly explained, love from Pakistan

very helpful video and love your way of making any question easy to understand.

Perfect explaination Piyush❤

Piyush sir thanks for this detailed explanation. It would be great if you could explain how to overcome drawback of jwt what's the solution for it

Finally understood it. Thanks to you brother ✨❤

@07:35 The session will only destroy only when the session data in server memory if you store session data into database then after restating the session data will not destroy

session cookie bhi to chori ho sakti hai like jwt token am i right its user's responsibility to keep it safe please correct me if I am wrong

Hi I want to call the API on the server in next.js but token is in localstorage. How I do this. It is causing me to call all API on client side

Great, Have a question, How do we invalidate JWT in serverless environment..

Amazing Explanation!!

well explanation Piyush 🤝

If JWT token can be taken by hacker and whats stopping hacker to get session id? how is session more secure i couldn't understand.

Great content and way of explanation

i think we can store session in DB itself with its life, to avoid re run of server issue

great explanation sir!!

If someone copied the jwt token or theft token and after logout trying to access any page of information then how can we handle it

thanks a lot bro was a great video

Best Explanation😇

Best on Authentication

Hey hi JWT aren't that secure but then what about security?? Please tell me how to make the JWT token secure???

Gajab bhai 🙌

you explained really well

wow ! clearity ++

Can u pls make a video explaining how are sessions and jwts are practically implemented and wat is done to handle their flaws.

Please make video where you can tell how we can manage token. Like this is right user or not If hacker stole out token how we can prevent then not to access my details etc. Thanks in advance ❤❤

Cant hacker steal session id as well in the same way they are stealing Tokens?

in case of session authentication session_id is automatically generated when we start session and store in cookies?

To jo jwt token copy krha h usko to phir credentials maloom hi honge jo copy krha h

bhai agar without user login api par authentication lagana ho to kese kar sakte?

great explaination bro

how can we encrypt jwt?

how do you overcome security issues with JWT token make a video on that

Thanks a lot 😀😀👍👍🙏🙏

Does every user have a separate signing key in case of JWT? if yes, then it would require memory to store it..right? Also, if we are storing the token-id with the user id, there also memory is being used..

Well explained 🔥

bro where we store signature in server. So how can it be serverless since we are storing signature in server?

Great explanation.

Thank you bhaiya.

Bhai, ek doubt hai, jo sessions mein user information store ho rahi hai in memory, jwt ke case mein bhi kahin store hoti hai na, even if it's in the API provider, so how is memory a problem in sessions but not in jwt?

Great, higly recommend

good video 👍

Please make a practical tutorial authentication with jwt something like this please bhaiya ?

good explanation

great video

make video on ola api setup in next js

Awesome sir

Sir please serverless ka detailed course launch karo

Nice Explain

How to store token in browser

nice voice

session bhi to chori ho skta h ?

Hey, session id is stored in browser cookies and it can also be stolen. Btw token authentication is more secure than session authentication!!

Memory = RAM

Demigod

i love u