SlideShare a Scribd company logo

Authentication in Svelte using cookies.pptx

Download as PPTX, PDF
Knoldus Inc.
Knoldus Inc.

Svelte streamlines authentication with cookies, offering a secure and seamless user experience. Effortlessly manage sessions by storing tokens in cookies, ensuring persistent logins. With Svelte's simplicity, implement robust authentication mechanisms, enhancing user security and interaction.

Technology
1 of 22
Authentication in Svelte using cookies Alka Vats & Anuj Tomar
Lack of etiquette and manners is a huge turn off. KnolX Etiquettes  Punctuality Join the session 5 minutes prior to the session start time. We start on time and conclude on time!  Feedback Make sure to submit a constructive feedback for all sessions as it is very helpful for the presenter.  Silent Mode Keep your mobile devices in silent mode, feel free to move out of session in case you need to attend an urgent call.  Avoid Disturbance Avoid unwanted chit chat during the session.
1. Introduction to SvelteKit 2. What are HTTP cookies? 3. Understanding SvelteKit cookies methods 4. Authentication using the parent() function 5. Implementing authentication with SvelteKit o Build the UI o Authentication endpoints o Svelte hooks 6. Securing routes and accessing the session on the client
Introduction to SvelteKit
Introduction to SvelteKit  SvelteKit is to Svelte what Next.js is to React.  SvelteKit is a framework for building web applications of all sizes, with a beautiful development experience and flexible file system–based routing.  SvelteKit extends Svelte with some functionality that we will use in this knolx session: − file system–based routing − endpoints (server-side functions) − hooks.
02
What are HTTP cookies?  Cookies, also known as HTTP cookies, are small text files that websites store on a user’s computer or mobile device.  These files contain data related to the user’s browsing activity on that website, such as login information, preferences, and shopping cart contents.  Cookies can be either “session cookies” or “persistent cookies.”  Session cookies are temporary and deleted when the user closes their browser, while persistent cookies remain on the user’s device until they expire or are deleted by the user.
Cookies in SvelteKit • SvelteKit’s cookies have a new method for a cookie header, and also removed the getSession property, which returns the data that was set in user session. • With this new concept, it’s now much easier to work with cookies compared to adding payload manually to the request header. • This update comes with a set of flexible methods, including set, get, and delete.  Session management  Persistence  Client-side storage  Cross-domain compatibility  Scalability Advantages of using cookies:
Disadvantages of using cookies  Security concerns: - Care must be taken to properly sanitize input and validate data to prevent these types of security attacks  Size limitations: - Cookies have a size limit of around 4KB, which may not be sufficient for storing larger amounts of data. This can limit the amount of data that can be stored on the client side  Compatibility issues: - Some users may have cookies disabled or may be using older browsers that do not support cookies. This can limit the effectiveness of using cookies as a data storage mechanism
03
The 'set' method  This method is used to set cookies in the Set-Cookie header and define options as needed, making the cookies available for recurring usage.  To use the set method, you need to provide name , value, and option — option is optional. These config options allow us to specify various options that help ensure security and restriction to the cookie data: cookies.set('sessionId', "info@gmail.com", { httpOnly: true, sameSite: 'strict', secure: false, path: '/', maxAge: 60 * 60 * 24 * 7 });
The 'get' method  This method is used to get cookie data that was previously set with cookies.set, or from the request headers.  The get method takes two parameters: name and options, though options is optional: cookies.get('session');  This method is used to delete a cookie from the browser.  Deleting a cookie removes the data and the expiry period attached to that cookie.  This method takes two parameters: name and options; again, options is optional: await cookies.delete('session', {path: '/'}); The 'delete' method
04
Authentication using the parent() function  The parent() function is used to return props data from various load functions, then combine them together as one object.  Additionally, the load function is used to return data from the server/client to the Svelte template: //src/routes/+layout.server.js export const load = async ({ request, locals, cookies }) => { return { user: locals.user, welcome_message: "welcome back", }; };  The +page.js is executed on the client side while the other files with .server.js are executed on the backend: //src/routes/+page.js export const load = async ({ parent }) => { const { user, welcome_message } = await parent(); return { user: user, message: welcome_message };};
05
Implementing authentication with SvelteKit - Setup First, we’ll initialize the SvelteKit project. npm create svelte@latest sveltekit-auth cd sveltekit-auth npm install Authentication endpoints/workflow  First, we need one additional library that will help us generate a random ID for each user: npm i uuid
Svelte hooks  Svelte hooks run on the server and allow us to extend the behavior of SvelteKit.  The handle hook runs on every request (and during prerendering).  It gives us access to the request and allows us to modify the response.  We can add custom data to request.locals, which will be available in all endpoints.  We will use it to parse the session_id cookie, retrieve the session, and attach the session data to request.locals.  The hook, which can also be referred to as a middleware, helps us handle the unauthorized user trying to access protected pages.
06
Securing routes and accessing the session on the client  In /src/routes/protected, we can create another route, called /protected that will only be accessible by authenticated users.  We can then check if the session contains the user. If that’s not the case, the user isn’t signed in.  We can redirect the user by returning the combination of HTTP status code 302 (found) and a redirect pointing to the route where the user should be redirected.  Because the load function is running before the actual rendering of the page, an unauthenticated user will never see the page.
Securing routes and accessing the session on the client  This is how the protected route looks: // src/routes/protected/+page.svelte <script> export let data; </script> <svelte:head> <title>Protected Page</title> <meta name="description" content="About this app" /> </svelte:head> <h1 class="text-2xl font-semibold text-center">Hi! You are registered with email: {data.user.email}.</h1>
Authentication in Svelte using cookies.pptx
Authentication in Svelte using cookies.pptx

Recommended

Session tracking in servlets
Session tracking in servletsSession tracking in servlets
Session tracking in servletsvishal choudhary
 
Php ssession - cookies -introduction
Php ssession - cookies -introductionPhp ssession - cookies -introduction
Php ssession - cookies -introductionProgrammer Blog
 
Sessions&cookies
Sessions&cookiesSessions&cookies
Sessions&cookiesTirthika Bandi
 
Ecom2
Ecom2Ecom2
Ecom2Santosh Pandey
 
Session tracking In Java
Session tracking In JavaSession tracking In Java
Session tracking In Javahoneyvachharajani
 
Cookies and Session
Cookies and SessionCookies and Session
Cookies and SessionKoraStats
 
session and cookies.ppt
session and cookies.pptsession and cookies.ppt
session and cookies.pptJayaprasanna4
 
Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3sandeep54552
 

Recommended

Session tracking in servlets
Session tracking in servletsSession tracking in servlets
Session tracking in servletsvishal choudhary
 
Php ssession - cookies -introduction
Php ssession - cookies -introductionPhp ssession - cookies -introduction
Php ssession - cookies -introductionProgrammer Blog
 
Sessions&cookies
Sessions&cookiesSessions&cookies
Sessions&cookiesTirthika Bandi
 
Ecom2
Ecom2Ecom2
Ecom2Santosh Pandey
 
Session tracking In Java
Session tracking In JavaSession tracking In Java
Session tracking In Javahoneyvachharajani
 
Cookies and Session
Cookies and SessionCookies and Session
Cookies and SessionKoraStats
 
session and cookies.ppt
session and cookies.pptsession and cookies.ppt
session and cookies.pptJayaprasanna4
 
Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3Enterprise java unit-2_chapter-3
Enterprise java unit-2_chapter-3sandeep54552
 
Servlet session 10
Servlet session 10Servlet session 10
Servlet session 10Anuj Singh Rajput
 
Cookies in servlet
Cookies in servletCookies in servlet
Cookies in servletchauhankapil
 
07 cookies
07 cookies07 cookies
07 cookiessnopteck
 
Using cookies and sessions
Using cookies and sessionsUsing cookies and sessions
Using cookies and sessionsNuha Noor
 
Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2sandeep54552
 
SessionTrackServlets.pptx
SessionTrackServlets.pptxSessionTrackServlets.pptx
SessionTrackServlets.pptxRanjeet Reddy
 
Session and state management
Session and state managementSession and state management
Session and state managementPaneliya Prince
 
Cookies: HTTP state management mechanism
Cookies: HTTP state management mechanismCookies: HTTP state management mechanism
Cookies: HTTP state management mechanismJivan Nepali
 
Session And Cookies In Servlets - Java
Session And Cookies In Servlets - JavaSession And Cookies In Servlets - Java
Session And Cookies In Servlets - JavaJainamParikh3
 
Sessions and cookies
Sessions and cookiesSessions and cookies
Sessions and cookieswww.netgains.org
 
Java - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionJava - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionMazenetsolution
 
19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptx19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptxssuser4a97d3
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSDegu8
 
Cookie & Session In ASP.NET
Cookie & Session In ASP.NETCookie & Session In ASP.NET
Cookie & Session In ASP.NETShingalaKrupa
 
What Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s SakeWhat Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s SakePiwik PRO
 
Session and cookies,get and post methods
Session and cookies,get and post methodsSession and cookies,get and post methods
Session and cookies,get and post methodsbaabtra.com - No. 1 supplier of quality freshers
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managmentzakieh alizadeh
 
Class 38
Class 38Class 38
Class 38srasat73
 
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...Evolve The Adobe Digital Marketing Community
 
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...Matthew Gerrior
 
Stakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) PresentationStakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) PresentationKnoldus Inc.
 
Introduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) PresentationIntroduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) PresentationKnoldus Inc.
 

More Related Content

Similar to Authentication in Svelte using cookies.pptx

Cookies in servlet
Cookies in servletCookies in servlet
Cookies in servletchauhankapil
 
07 cookies
07 cookies07 cookies
07 cookiessnopteck
 
Using cookies and sessions
Using cookies and sessionsUsing cookies and sessions
Using cookies and sessionsNuha Noor
 
Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2sandeep54552
 
SessionTrackServlets.pptx
SessionTrackServlets.pptxSessionTrackServlets.pptx
SessionTrackServlets.pptxRanjeet Reddy
 
Session and state management
Session and state managementSession and state management
Session and state managementPaneliya Prince
 
Cookies: HTTP state management mechanism
Cookies: HTTP state management mechanismCookies: HTTP state management mechanism
Cookies: HTTP state management mechanismJivan Nepali
 
Session And Cookies In Servlets - Java
Session And Cookies In Servlets - JavaSession And Cookies In Servlets - Java
Session And Cookies In Servlets - JavaJainamParikh3
 
Java - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionJava - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionMazenetsolution
 
19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptx19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptxssuser4a97d3
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSDegu8
 
Cookie & Session In ASP.NET
Cookie & Session In ASP.NETCookie & Session In ASP.NET
Cookie & Session In ASP.NETShingalaKrupa
 
What Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s SakeWhat Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s SakePiwik PRO
 
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...Matthew Gerrior
 

Similar to Authentication in Svelte using cookies.pptx (20)

Servlet session 10
Servlet session 10Servlet session 10
Servlet session 10
 
Cookies in servlet
Cookies in servletCookies in servlet
Cookies in servlet
 
07 cookies
07 cookies07 cookies
07 cookies
 
Using cookies and sessions
Using cookies and sessionsUsing cookies and sessions
Using cookies and sessions
 
Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2Enterprise java unit-2_chapter-2
Enterprise java unit-2_chapter-2
 
SessionTrackServlets.pptx
SessionTrackServlets.pptxSessionTrackServlets.pptx
SessionTrackServlets.pptx
 
Session and state management
Session and state managementSession and state management
Session and state management
 
Cookies: HTTP state management mechanism
Cookies: HTTP state management mechanismCookies: HTTP state management mechanism
Cookies: HTTP state management mechanism
 
Session And Cookies In Servlets - Java
Session And Cookies In Servlets - JavaSession And Cookies In Servlets - Java
Session And Cookies In Servlets - Java
 
Sessions and cookies
Sessions and cookiesSessions and cookies
Sessions and cookies
 
Java - Servlet - Mazenet Solution
Java - Servlet - Mazenet SolutionJava - Servlet - Mazenet Solution
Java - Servlet - Mazenet Solution
 
19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptx19_JavaScript - Storage_Cookies-tutorial .pptx
19_JavaScript - Storage_Cookies-tutorial .pptx
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONS
 
Cookie & Session In ASP.NET
Cookie & Session In ASP.NETCookie & Session In ASP.NET
Cookie & Session In ASP.NET
 
What Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s SakeWhat Is Evercookie and Why You Should Avoid It for Privacy’s Sake
What Is Evercookie and Why You Should Avoid It for Privacy’s Sake
 
Session and cookies,get and post methods
Session and cookies,get and post methodsSession and cookies,get and post methods
Session and cookies,get and post methods
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managment
 
Class 38
Class 38Class 38
Class 38
 
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...
EVOLVE'13 | Enhance | Permission Sensitive Caching | Paul McMahon & Jason Rap...
 
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
Startup Institute NY (Summer 2016) - Authentication, Validation, and Basic Te...
 

More from Knoldus Inc.

Stakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) PresentationStakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) PresentationKnoldus Inc.
 
Introduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) PresentationIntroduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) PresentationKnoldus Inc.
 
Efficient Test Environments with Infrastructure as Code (IaC)
Efficient Test Environments with Infrastructure as Code (IaC)Efficient Test Environments with Infrastructure as Code (IaC)
Efficient Test Environments with Infrastructure as Code (IaC)Knoldus Inc.
 
Exploring Terramate DevOps (Presentation)
Exploring Terramate DevOps (Presentation)Exploring Terramate DevOps (Presentation)
Exploring Terramate DevOps (Presentation)Knoldus Inc.
 
Clean Code in Test Automation Differentiating Between the Good and the Bad
Clean Code in Test Automation Differentiating Between the Good and the BadClean Code in Test Automation Differentiating Between the Good and the Bad
Clean Code in Test Automation Differentiating Between the Good and the BadKnoldus Inc.
 
Integrating AI Capabilities in Test Automation
Integrating AI Capabilities in Test AutomationIntegrating AI Capabilities in Test Automation
Integrating AI Capabilities in Test AutomationKnoldus Inc.
 
State Management with NGXS in Angular.pptx
State Management with NGXS in Angular.pptxState Management with NGXS in Angular.pptx
State Management with NGXS in Angular.pptxKnoldus Inc.
 
OAuth2 Implementation Presentation (Java)
OAuth2 Implementation Presentation (Java)OAuth2 Implementation Presentation (Java)
OAuth2 Implementation Presentation (Java)Knoldus Inc.
 
Supply chain security with Kubeclarity.pptx
Supply chain security with Kubeclarity.pptxSupply chain security with Kubeclarity.pptx
Supply chain security with Kubeclarity.pptxKnoldus Inc.
 
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML Parsing
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML ParsingMastering Web Scraping with JSoup Unlocking the Secrets of HTML Parsing
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML ParsingKnoldus Inc.
 
Akka gRPC Essentials A Hands-On Introduction
Akka gRPC Essentials A Hands-On IntroductionAkka gRPC Essentials A Hands-On Introduction
Akka gRPC Essentials A Hands-On IntroductionKnoldus Inc.
 
Entity Core with Core Microservices.pptx
Entity Core with Core Microservices.pptxEntity Core with Core Microservices.pptx
Entity Core with Core Microservices.pptxKnoldus Inc.
 
Introduction to Redis and its features.pptx
Introduction to Redis and its features.pptxIntroduction to Redis and its features.pptx
Introduction to Redis and its features.pptxKnoldus Inc.
 
GraphQL with .NET Core Microservices.pdf
GraphQL with .NET Core Microservices.pdfGraphQL with .NET Core Microservices.pdf
GraphQL with .NET Core Microservices.pdfKnoldus Inc.
 
NuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptxNuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptxKnoldus Inc.
 
Data Quality in Test Automation Navigating the Path to Reliable Testing
Data Quality in Test Automation Navigating the Path to Reliable TestingData Quality in Test Automation Navigating the Path to Reliable Testing
Data Quality in Test Automation Navigating the Path to Reliable TestingKnoldus Inc.
 
K8sGPTThe AI​ way to diagnose Kubernetes
K8sGPTThe AI​ way to diagnose KubernetesK8sGPTThe AI​ way to diagnose Kubernetes
K8sGPTThe AI​ way to diagnose KubernetesKnoldus Inc.
 
Introduction to Circle Ci Presentation.pptx
Introduction to Circle Ci Presentation.pptxIntroduction to Circle Ci Presentation.pptx
Introduction to Circle Ci Presentation.pptxKnoldus Inc.
 
Robusta -Tool Presentation (DevOps).pptx
Robusta -Tool Presentation (DevOps).pptxRobusta -Tool Presentation (DevOps).pptx
Robusta -Tool Presentation (DevOps).pptxKnoldus Inc.
 
Optimizing Kubernetes using GOLDILOCKS.pptx
Optimizing Kubernetes using GOLDILOCKS.pptxOptimizing Kubernetes using GOLDILOCKS.pptx
Optimizing Kubernetes using GOLDILOCKS.pptxKnoldus Inc.
 

More from Knoldus Inc. (20)

Stakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) PresentationStakeholder Management (Project Management) Presentation
Stakeholder Management (Project Management) Presentation
 
Introduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) PresentationIntroduction To Kaniko (DevOps) Presentation
Introduction To Kaniko (DevOps) Presentation
 
Efficient Test Environments with Infrastructure as Code (IaC)
Efficient Test Environments with Infrastructure as Code (IaC)Efficient Test Environments with Infrastructure as Code (IaC)
Efficient Test Environments with Infrastructure as Code (IaC)
 
Exploring Terramate DevOps (Presentation)
Exploring Terramate DevOps (Presentation)Exploring Terramate DevOps (Presentation)
Exploring Terramate DevOps (Presentation)
 
Clean Code in Test Automation Differentiating Between the Good and the Bad
Clean Code in Test Automation Differentiating Between the Good and the BadClean Code in Test Automation Differentiating Between the Good and the Bad
Clean Code in Test Automation Differentiating Between the Good and the Bad
 
Integrating AI Capabilities in Test Automation
Integrating AI Capabilities in Test AutomationIntegrating AI Capabilities in Test Automation
Integrating AI Capabilities in Test Automation
 
State Management with NGXS in Angular.pptx
State Management with NGXS in Angular.pptxState Management with NGXS in Angular.pptx
State Management with NGXS in Angular.pptx
 
OAuth2 Implementation Presentation (Java)
OAuth2 Implementation Presentation (Java)OAuth2 Implementation Presentation (Java)
OAuth2 Implementation Presentation (Java)
 
Supply chain security with Kubeclarity.pptx
Supply chain security with Kubeclarity.pptxSupply chain security with Kubeclarity.pptx
Supply chain security with Kubeclarity.pptx
 
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML Parsing
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML ParsingMastering Web Scraping with JSoup Unlocking the Secrets of HTML Parsing
Mastering Web Scraping with JSoup Unlocking the Secrets of HTML Parsing
 
Akka gRPC Essentials A Hands-On Introduction
Akka gRPC Essentials A Hands-On IntroductionAkka gRPC Essentials A Hands-On Introduction
Akka gRPC Essentials A Hands-On Introduction
 
Entity Core with Core Microservices.pptx
Entity Core with Core Microservices.pptxEntity Core with Core Microservices.pptx
Entity Core with Core Microservices.pptx
 
Introduction to Redis and its features.pptx
Introduction to Redis and its features.pptxIntroduction to Redis and its features.pptx
Introduction to Redis and its features.pptx
 
GraphQL with .NET Core Microservices.pdf
GraphQL with .NET Core Microservices.pdfGraphQL with .NET Core Microservices.pdf
GraphQL with .NET Core Microservices.pdf
 
NuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptxNuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptx
 
Data Quality in Test Automation Navigating the Path to Reliable Testing
Data Quality in Test Automation Navigating the Path to Reliable TestingData Quality in Test Automation Navigating the Path to Reliable Testing
Data Quality in Test Automation Navigating the Path to Reliable Testing
 
K8sGPTThe AI​ way to diagnose Kubernetes
K8sGPTThe AI​ way to diagnose KubernetesK8sGPTThe AI​ way to diagnose Kubernetes
K8sGPTThe AI​ way to diagnose Kubernetes
 
Introduction to Circle Ci Presentation.pptx
Introduction to Circle Ci Presentation.pptxIntroduction to Circle Ci Presentation.pptx
Introduction to Circle Ci Presentation.pptx
 
Robusta -Tool Presentation (DevOps).pptx
Robusta -Tool Presentation (DevOps).pptxRobusta -Tool Presentation (DevOps).pptx
Robusta -Tool Presentation (DevOps).pptx
 
Optimizing Kubernetes using GOLDILOCKS.pptx
Optimizing Kubernetes using GOLDILOCKS.pptxOptimizing Kubernetes using GOLDILOCKS.pptx
Optimizing Kubernetes using GOLDILOCKS.pptx
 

Recently uploaded

Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 

Recently uploaded (20)

Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 

Authentication in Svelte using cookies.pptx

  • 1. Authentication in Svelte using cookies Alka Vats & Anuj Tomar
  • 2. Lack of etiquette and manners is a huge turn off. KnolX Etiquettes  Punctuality Join the session 5 minutes prior to the session start time. We start on time and conclude on time!  Feedback Make sure to submit a constructive feedback for all sessions as it is very helpful for the presenter.  Silent Mode Keep your mobile devices in silent mode, feel free to move out of session in case you need to attend an urgent call.  Avoid Disturbance Avoid unwanted chit chat during the session.
  • 3. 1. Introduction to SvelteKit 2. What are HTTP cookies? 3. Understanding SvelteKit cookies methods 4. Authentication using the parent() function 5. Implementing authentication with SvelteKit o Build the UI o Authentication endpoints o Svelte hooks 6. Securing routes and accessing the session on the client
  • 5. Introduction to SvelteKit  SvelteKit is to Svelte what Next.js is to React.  SvelteKit is a framework for building web applications of all sizes, with a beautiful development experience and flexible file system–based routing.  SvelteKit extends Svelte with some functionality that we will use in this knolx session: − file system–based routing − endpoints (server-side functions) − hooks.
  • 6. 02
  • 7. What are HTTP cookies?  Cookies, also known as HTTP cookies, are small text files that websites store on a user’s computer or mobile device.  These files contain data related to the user’s browsing activity on that website, such as login information, preferences, and shopping cart contents.  Cookies can be either “session cookies” or “persistent cookies.”  Session cookies are temporary and deleted when the user closes their browser, while persistent cookies remain on the user’s device until they expire or are deleted by the user.
  • 8. Cookies in SvelteKit • SvelteKit’s cookies have a new method for a cookie header, and also removed the getSession property, which returns the data that was set in user session. • With this new concept, it’s now much easier to work with cookies compared to adding payload manually to the request header. • This update comes with a set of flexible methods, including set, get, and delete.  Session management  Persistence  Client-side storage  Cross-domain compatibility  Scalability Advantages of using cookies:
  • 9. Disadvantages of using cookies  Security concerns: - Care must be taken to properly sanitize input and validate data to prevent these types of security attacks  Size limitations: - Cookies have a size limit of around 4KB, which may not be sufficient for storing larger amounts of data. This can limit the amount of data that can be stored on the client side  Compatibility issues: - Some users may have cookies disabled or may be using older browsers that do not support cookies. This can limit the effectiveness of using cookies as a data storage mechanism
  • 10. 03
  • 11. The 'set' method  This method is used to set cookies in the Set-Cookie header and define options as needed, making the cookies available for recurring usage.  To use the set method, you need to provide name , value, and option — option is optional. These config options allow us to specify various options that help ensure security and restriction to the cookie data: cookies.set('sessionId', "info@gmail.com", { httpOnly: true, sameSite: 'strict', secure: false, path: '/', maxAge: 60 * 60 * 24 * 7 });
  • 12. The 'get' method  This method is used to get cookie data that was previously set with cookies.set, or from the request headers.  The get method takes two parameters: name and options, though options is optional: cookies.get('session');  This method is used to delete a cookie from the browser.  Deleting a cookie removes the data and the expiry period attached to that cookie.  This method takes two parameters: name and options; again, options is optional: await cookies.delete('session', {path: '/'}); The 'delete' method
  • 13. 04
  • 14. Authentication using the parent() function  The parent() function is used to return props data from various load functions, then combine them together as one object.  Additionally, the load function is used to return data from the server/client to the Svelte template: //src/routes/+layout.server.js export const load = async ({ request, locals, cookies }) => { return { user: locals.user, welcome_message: "welcome back", }; };  The +page.js is executed on the client side while the other files with .server.js are executed on the backend: //src/routes/+page.js export const load = async ({ parent }) => { const { user, welcome_message } = await parent(); return { user: user, message: welcome_message };};
  • 15. 05
  • 16. Implementing authentication with SvelteKit - Setup First, we’ll initialize the SvelteKit project. npm create svelte@latest sveltekit-auth cd sveltekit-auth npm install Authentication endpoints/workflow  First, we need one additional library that will help us generate a random ID for each user: npm i uuid
  • 17. Svelte hooks  Svelte hooks run on the server and allow us to extend the behavior of SvelteKit.  The handle hook runs on every request (and during prerendering).  It gives us access to the request and allows us to modify the response.  We can add custom data to request.locals, which will be available in all endpoints.  We will use it to parse the session_id cookie, retrieve the session, and attach the session data to request.locals.  The hook, which can also be referred to as a middleware, helps us handle the unauthorized user trying to access protected pages.
  • 18. 06
  • 19. Securing routes and accessing the session on the client  In /src/routes/protected, we can create another route, called /protected that will only be accessible by authenticated users.  We can then check if the session contains the user. If that’s not the case, the user isn’t signed in.  We can redirect the user by returning the combination of HTTP status code 302 (found) and a redirect pointing to the route where the user should be redirected.  Because the load function is running before the actual rendering of the page, an unauthenticated user will never see the page.
  • 20. Securing routes and accessing the session on the client  This is how the protected route looks: // src/routes/protected/+page.svelte <script> export let data; </script> <svelte:head> <title>Protected Page</title> <meta name="description" content="About this app" /> </svelte:head> <h1 class="text-2xl font-semibold text-center">Hi! You are registered with email: {data.user.email}.</h1>