I love your teaching style. One thing if you add to make it cherry on the top is show real life examples

Interesting video. I do have a couple of questions though. The arguement of being token stolen seems like an unfair one since that could happen to cookies as well. Though there are some scenarios where sessions aren't just a valid answer for example mobile apps. Usually in mobile apps you can't really rely on sessions being persisted and can't expect the users to login in over and over again. On the other hand session based authentication works really well for the web apps. Ofcourse if you work in development professionally, you will need to implement both a lot of times with consistent behaviour. This is a good introduction for beginners though but it would be great if it was mentioned that there were more advanced forms of authentication methods and links to the documentation would have been a massive plus.

Great explanation Piyush, I am thrilled to see this video because you explained it more clearly and easily understandable 👏

The Easiest explanation of all times!

Lovely Lecture ❤❤ , Cleared All my doubts about Authetication Process , Token Vs Session Based , Stateless vs State fulll. Saw your another lecture on SSO. Cleared all doubts on that Topic also .

Awesome explanation.. One of the best video I ever seen for token and sessions..

I am saying this very honestly.. what a explanation!🔥🔥

Bhai you deserve many more subscribers. Such a simple yet comprehensive explanation.

I think for improving security we can save the jwt token in cookies instead of local storage.

Mind Blowing Video Piyush sir....

But token can only be generated when credentials are correct and it can only be leaked from user itself 🤔

serverless can be durable as well, such as azure durable functions

Perfectly explained, love from Pakistan

Keep continuing this hard work bro🔥🔥

Piyush sir thanks for this detailed explanation. It would be great if you could explain how to overcome drawback of jwt what's the solution for it

very helpful video and love your way of making any question easy to understand.

Perfect explaination Piyush❤

Amazing Explanation!!

Best on Authentication

great explanation sir!!

Great content and way of explanation

Finally understood it. Thanks to you brother ✨❤

thanks a lot bro was a great video

wow ! clearity ++

well explanation Piyush 🤝

Very Effective explanation. but does server stores the secret key string in its database and the respective hash function, that means its still using memory for decoding the specific user from the token? i don't understand how can it be a advantage.

great explaination bro

Best Explanation😇

you explained really well

Thank you bhaiya.

Great, Have a question, How do we invalidate JWT in serverless environment..

Gajab bhai 🙌

i think we can store session in DB itself with its life, to avoid re run of server issue

Thanks a lot 😀😀👍👍🙏🙏

@07:35 The session will only destroy only when the session data in server memory if you store session data into database then after restating the session data will not destroy

Great, higly recommend

great video

good explanation

Can u pls make a video explaining how are sessions and jwts are practically implemented and wat is done to handle their flaws.

Well explained 🔥

Nice Explain

If JWT token can be taken by hacker and whats stopping hacker to get session id? how is session more secure i couldn't understand.

good video 👍

how do you overcome security issues with JWT token make a video on that

session cookie bhi to chori ho sakti hai like jwt token am i right its user's responsibility to keep it safe please correct me if I am wrong

Great explanation.

Awesome sir

Hi I want to call the API on the server in next.js but token is in localstorage. How I do this. It is causing me to call all API on client side

To jo jwt token copy krha h usko to phir credentials maloom hi honge jo copy krha h

Hey hi JWT aren't that secure but then what about security?? Please tell me how to make the JWT token secure???

make video on ola api setup in next js

If someone copied the jwt token or theft token and after logout trying to access any page of information then how can we handle it

Please make a practical tutorial authentication with jwt something like this please bhaiya ?

how can we encrypt jwt?

Sir please serverless ka detailed course launch karo

bhai agar without user login api par authentication lagana ho to kese kar sakte?

nice voice

Does every user have a separate signing key in case of JWT? if yes, then it would require memory to store it..right? Also, if we are storing the token-id with the user id, there also memory is being used..

in case of session authentication session_id is automatically generated when we start session and store in cookies?

Bhai, ek doubt hai, jo sessions mein user information store ho rahi hai in memory, jwt ke case mein bhi kahin store hoti hai na, even if it's in the API provider, so how is memory a problem in sessions but not in jwt?

bro where we store signature in server. So how can it be serverless since we are storing signature in server?

Hey, session id is stored in browser cookies and it can also be stolen. Btw token authentication is more secure than session authentication!!

How to store token in browser

session bhi to chori ho skta h ?

Memory = RAM

i love u

Demigod