Strapi Jwt Cookies


Securely use users-permissions' JWT on cookies

Overview

The "Strapi JWT Cookies" package securely uses users-permissions' JWT on cookies. It is compatible with Strapi v4 and requires the "@strapi/plugin-users-permissions" package. This package extends the core plugin, adding additional middlewares and a logout controller. It also splits the JWT into two cookies for easier frontend access and automatically logs out users after a period of inactivity. However, it does not include a CSRF prevention mechanism.

Features

  • Split JWT into two cookies: the JWT header.signature is stored in an HttpOnly cookie, while the payload is stored in a cookie accessible to JavaScript.
  • Automatically log out on user inactivity: The package sets a cookie expiration time and logs out users who have been inactive for a certain period.
  • Secure authentication process: The package ensures that the request comes from the frontend by utilizing the SameSite flag and checking custom request headers.

Summary

The "Strapi JWT Cookies" package provides a convenient and secure way to use users-permissions' JWT on cookies. It splits the JWT into two cookies for easier frontend access and automatically logs out users after a period of inactivity. However, it does not include a CSRF prevention mechanism. To install the package, follow the provided installation guide.

Strapi

Strapi is an open source headless CMS that provides a customizable content management system and API for your projects. It allows you to manage content in a visual interface and use a REST or GraphQL API to retrieve the data.