The article explains why many interviewers mock the Redis‑based token design, then systematically presents technical and security reasons—controllable logout, multi‑device SSO, high performance, dynamic permissions—and provides concrete implementation details, comparison with pure JWT, and best‑practice responses.
Although JWT is marketed as a stateless, database‑free authentication method, real‑world applications often store token identifiers in Redis to handle logout, password changes, and token renewal, which reintroduces state and a database lookup.
The article walks through creating a full‑stack university student archive management system—using Java 17, Spring Boot 4, MySQL 8 on the back end and Vue 3, Vite, Element Plus on the front end—generated in about 20 minutes with Cursor AI, and explains the architecture, role‑based access, JWT security, and data flow in detail.
This article details a step‑by‑step penetration test on a university’s web platform, covering XSS file uploads, JWT tampering for arbitrary login, massive personal data leakage, SQL injection payloads, and the exposure of several AK/SK secrets, all with concrete screenshots and commands.
The article explains why many interviewers dismiss Redis‑backed token storage as a bad design, then systematically demonstrates how Redis + token offers controllable logout, multi‑device support, high performance, dynamic permission refresh, and scenario‑driven architecture choices, providing concrete response scripts and advanced enhancements for interview success.
This article walks through creating a complete login authentication system—including registration, login, token refresh, and permission control—by replacing Spring Security's default session handling with JWT, configuring backend filters and utilities, and integrating a Vue 3 + Pinia front‑end with automatic token renewal.
This article launches a new series that walks through building a complete technical blog system from the ground up, detailing the chosen Spring Boot and Vue3 stack, phased feature roadmap, database schema, project structure, and initial unified response and global exception handling code.
The article explains JWT fundamentals, why pure stateless tokens cannot be revoked, compares blacklist and whitelist Redis strategies, discusses token renewal with double‑token design, and shows how to articulate the right answer in an interview.
In a recent interview question about placing authentication tokens in Redis, experts debate the trade‑offs between pure JWT statelessness and Redis‑backed session control, covering security risks, performance, token revocation, sliding expiration, and practical implementation guidelines.
The article analyzes the debate over placing JWT tokens in Redis, compares traditional session and JWT approaches, discusses security and performance trade‑offs, shows practical blacklist code, and explains when a centralized store is justified versus when true stateless JWTs are preferable.
This article critically examines the pitfalls of using JSON Web Tokens (JWT) as a session mechanism, highlighting security risks, scalability issues, and practical drawbacks, while outlining when JWTs are appropriate and recommending safer session strategies.
This article explains why vector databases lack row‑level security, presents a three‑layer permission architecture—including JWT authentication, Milvus metadata or partition filtering, and post‑retrieval validation—covers document security levels, PostgreSQL RLS, audit logging, caching strategies, and offers interview‑ready talking points.
Although JSON Web Tokens have legitimate uses, this article explains why they are unsuitable for storing session data, detailing the security risks, scalability issues, and practical drawbacks compared to traditional session cookies, and finally outlines scenarios where JWTs are appropriate.
This guide outlines interview focus points, core definitions, and deep analysis of Cookie, Session, and Token (JWT), compares their storage, security, scalability, and cross‑origin support, and provides high‑frequency follow‑up questions, common variants, memory mnemonics, and selection principles for Java authentication.
Although JWT is marketed as a decentralized, stateless solution, the majority of real‑world applications still rely on a Token + Redis approach because it simplifies logout handling, avoids Redis outages, and aligns better with practical security requirements.
This article explains how HTTP's stateless nature leads to the use of cookies, sessions, tokens, and JWTs for authentication, comparing their mechanisms, security trade‑offs, and practical interaction flows with clear diagrams.
JSON Web Tokens (JWT) provide a compact, signed, self-contained way to authenticate API requests without server-side session storage, offering scalability and speed, while introducing trade-offs such as revocation challenges, token size, and exposure of unencrypted payloads, making them ideal for distributed systems but unsuitable for scenarios requiring immediate logout or sensitive data.
This article explains how FastAPI’s async support, type‑hint integration, automatic OpenAPI docs, and rich ecosystem enable Python developers to build scalable, secure microservices with layered architecture, JWT authentication, performance optimizations, comprehensive testing, Docker/Kubernetes deployment, and structured logging.
This article systematically introduces ten widely used authentication methods—including HTTP Basic Auth, Session‑Cookie, Token, JWT, Single Sign‑On, OAuth 2.0, federated login, unique‑device login, QR‑code login, and one‑click mobile login—explaining their principles, workflows, advantages, drawbacks, and typical implementation libraries.
Storing JWT tokens in localStorage has become a serious security risk because XSS attacks can steal them, so developers should adopt safer alternatives such as HttpOnly cookies, BFF‑backed sessions, or Service Worker‑based in‑memory storage, each with its own trade‑offs.
This article walks through a complete design and implementation of a unified single sign‑on system using OAuth2.0 authorization‑code flow, Spring Cloud Gateway, JWT, Redis, and Nacos, comparing JWT, authentication, and authorization while presenting performance metrics, security considerations, and interview‑ready answers.
This article walks through a production‑grade OAuth2 authentication center built with Go and Gin, covering a three‑layer architecture, stateless JWT handling, key‑rotation, short‑hash token revocation, high‑availability design, and practical open‑source references.
This article introduces JSON Web Tokens (JWT), explains how they work in authentication flows, and examines their major drawbacks such as token size overhead, redundant signatures, revocation challenges, stale data risks, and lack of encryption, concluding that JWTs are suited for short‑lived claims but not for long‑term session management.
This article explains the double token (Access Token + Refresh Token) authentication model, compares it with single‑token approaches, outlines production‑grade security measures, recommends token lifetimes, and provides a complete Java Spring Boot implementation with code examples.
Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks; this article explains the vulnerabilities, compares HttpOnly cookies, BFF with cookies, and Service Worker‑based solutions, and recommends safer strategies for modern web applications.
The article starts by highlighting Xiaomi's competitive software developer salaries, then provides a detailed Java interview guide covering reflection fundamentals, static vs dynamic proxies, SPI vs API, synchronization behavior, Redis caching strategies, and JWT authentication, complete with code examples and practical comparisons.
This comprehensive guide explains why authentication is needed for stateless HTTP, walks through the workflows, advantages, and drawbacks of Cookies, Sessions, Tokens, JWTs, Refresh Tokens, blacklist strategies, and OAuth2/OAuth2.1, and provides practical security best‑practice recommendations for web, mobile, and micro‑service architectures.
This guide shows how to add Spring Boot WebSocket support, configure a server endpoint, implement lifecycle callbacks, and secure connections with JWT validation, providing a complete solution for high‑frequency real‑time data exchange.
This tutorial walks you through creating a scalable, stateless authentication and authorization solution for Spring Boot 3.x applications using JWT, covering project setup, token generation, method‑level security, automatic token renewal, blacklist handling, and common troubleshooting tips.
Shopee’s 2023 backend positions offer competitive salaries ranging from 23.5k to 32k in Shenzhen, and the article provides a comprehensive interview guide covering network models, TCP handshake, HTTP/HTTPS differences, MySQL isolation levels, foreign keys, slow query optimization, JWT authentication, RBAC, and Redis sorted sets.
This comprehensive guide explores the fundamentals of authentication and authorization, detailing how credentials, cookies, and sessions work together, and compares traditional session-based approaches with modern token-based solutions such as JWT, covering their mechanisms, advantages, drawbacks, and best practices for secure, scalable web applications.
This article explains the fundamental differences between authentication and authorization, outlines various authentication factors, details the JWT signing process, and introduces Casbin as a powerful open‑source authorization framework, helping developers secure API access effectively.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, introduces JWT structure and usage, discusses common security concerns, and outlines practical solutions for distributed systems and modern web applications.
The article shares recent JD backend salary data ranging from 24k to 32k RMB per month, explains the compensation structure, and provides a step‑by‑step interview preparation guide covering project presentation, JWT, Redis, thread pools, MySQL‑Elasticsearch sync, isolation levels and performance analysis.
This article explains how to build a JWT blacklist in Spring Boot 3, covering token fingerprinting, storage options using Caffeine or Redis, request interception, configuration, and sample login/logout endpoints to revoke tokens before they expire.
This step‑by‑step guide shows how to integrate Spring Security into a Spring Boot project, configure Maven dependencies, define User, Role and Permission entities, set up MyBatis mappers, implement JWT generation and validation, and build the service, controller, and configuration layers for a complete authentication system.
This article provides a comprehensive comparison of JWT and Token‑Redis authentication schemes, covering their underlying principles, Java implementations, advantages and disadvantages, performance and security trade‑offs, suitable use‑cases, and practical guidance for choosing the optimal solution in modern web and mobile applications.
This article thoroughly compares JWT and Token‑plus‑Redis authentication approaches, detailing their underlying principles, Java implementations, performance, security trade‑offs, and ideal use‑cases, and even proposes a hybrid solution that combines the strengths of both methods for modern applications.
This article demystifies authentication concepts—Cookie, Session, Token, JWT, and OAuth2—using clear analogies, explains their inner workings, advantages, drawbacks, and provides practical guidance on when to choose each mechanism for modern web applications.
This article explains why JSON Web Tokens are unsuitable for session storage, outlines the security risks and practical drawbacks, and shows the scenarios where JWTs are appropriate, helping developers make informed authentication choices.
This article explains the differences, technical details, and best‑practice implementations of Cookies, Sessions, Tokens, JWT and OAuth 2.0, helping developers decide which authentication mechanism fits various web and API scenarios while addressing security considerations.
This article explains how to implement seamless, invisible token refresh in a Spring Boot authentication server and a Vue/axios frontend, covering gateway interceptors, JWT expiration handling, Axios response interceptors, timer‑based proactive refresh, and complete code examples for both backend and client sides.
This article explains common approaches for storing user login state in distributed single sign‑on systems, covering the simple cookie‑plus‑session method, session storage in Redis for high‑availability, and token‑based JWT solutions, while discussing their architectures, advantages, and potential drawbacks.
This article demystifies the differences between Cookie, Session, Token, JWT, and OAuth2, explains their underlying mechanisms, shows practical Spring code examples, compares their security properties and suitable scenarios, and provides clear guidance on choosing the right authentication strategy for modern web applications.
Learn how to design and implement a unified authentication and authorization system for complex microservice architectures using the open‑source easyms project, covering core components, JWT handling, token revocation, API‑gateway integration, security best practices, and extensible features.
This guide explains how to secure FastAPI applications using OAuth2 with JWT, role‑based access control, refresh‑token workflows, multi‑factor authentication, and integration with external providers such as Auth0, Keycloak, and Firebase.
Learn how to build a secure authentication system in Spring Boot 3 that restricts each user to a single active session, stores tokens in Redis, and implements automatic JWT token refresh, with detailed code examples and step‑by‑step explanations.
This article demystifies JSON Web Tokens (JWT), explaining how they work, outlining their advantages and disadvantages, and highlighting security and implementation concerns that developers should consider before using JWT in production environments.
This article walks through the fundamentals of role‑based access control (RBAC), explains RBAC model variants, demonstrates how to configure Spring Security with in‑memory, database, and JWT authentication, and shows JSON‑based login and password encryption techniques for secure backend development.
This tutorial explains the fundamentals of JSON Web Tokens, their structure, how to encode them with base64Url, and provides a complete FastAPI implementation—including installation, token generation, verification, protected routes, and practical security recommendations—for building robust authentication in distributed systems.
With the rise of digital economies, token security—especially JWT—has become critical; this article compares token and traditional session authentication, outlines token-based authentication flow, identifies theft, replay, and forgery threats, and presents comprehensive safeguards such as HTTPS, encryption, secure storage, expiration policies, 2FA, and safe refresh mechanisms.
This article examines common JWT vulnerabilities—including token exposure via localStorage, algorithm‑tampering “none” attacks, weak signing keys, and lack of revocation—and presents a robust solution using HTTPS transmission, HttpOnly Secure cookies, SM9 cryptographic signatures, and a Redis‑based blacklist to achieve dramatically improved security.
Learn how to implement a complete JWT authentication workflow in pure PHP—from generating and verifying tokens, creating a simple login system, protecting routes with middleware, to adding token refresh logic—while covering essential security best practices without relying on any framework.
This article explains why sudden logouts occur due to expired JWT tokens stored in Redis, and presents both backend automatic token renewal and frontend double‑token (access‑token and refresh‑token) approaches, complete with code examples, testing tips, and handling edge cases such as long‑idle form submissions.
This article explains how to achieve invisible token renewal in modern web systems using Spring Boot, JWT, and Redis, detailing backend auto‑renewal, frontend interception, dual‑token strategies, and handling edge cases like silent form timeouts to keep user sessions uninterrupted.
This article explains why silent token refresh is needed, outlines backend and front‑end strategies for automatically renewing JWTs, provides a complete Java implementation with Maven dependencies, utility methods, unit tests, and discusses handling edge cases such as long‑idle forms.
Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks, prompting developers to adopt more secure methods such as HttpOnly cookies with SameSite protection, BFF‑backed session cookies, or Service Worker‑based token handling, each with trade‑offs.
This guide explains how to implement JWT‑based authentication for WebSocket connections in PHP using the GatewayWorker framework, covering token generation, server‑side validation, client‑side usage, and practical code examples.
This article demonstrates how to integrate Spring Security into a Spring Boot application, configure JWT‑based authentication, implement custom AES encryption, define user and role entities, set up service and controller layers, and configure security, filter, and CORS settings to achieve secure login and permission management.
This article explains how JWT provides stateless authentication while Session adds an extra security layer and lifecycle management, and demonstrates their combined use with Java code to achieve both scalability and fine‑grained control over user sessions.
This beginner-friendly guide explains core authentication mechanisms, the OAuth2.0 flow, token types, the role of refresh tokens, JWT pitfalls, and RBAC design, providing a solid foundation for secure backend development.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, expiration policies, two‑factor authentication and safe token refresh mechanisms.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.
This article explains the technical selection between JWT and session for authentication, compares their differences, advantages, and disadvantages, and provides a complete Java implementation—including token generation, Redis storage, login/logout, password update, and request interception—demonstrating why JWT was chosen for a distributed backend system.
This article compares JWT and session-based authentication, detailing their differences, certification processes, advantages, disadvantages, security considerations, performance impacts, token renewal, and revocation strategies, and provides a complete Java implementation using Spring, Redis, and custom utility classes.
Learn how to implement stateless JWT authentication and role‑based authorization in FastAPI, covering token structure, installation of PyJWT, creating login and protected endpoints, custom dependencies, and testing via Swagger UI, while highlighting security benefits and best practices for robust backend APIs.
This article presents a continuously updated collection of over 100 Spring Boot 3 practical cases, demonstrating how to implement permission authentication using Spring AOP, custom annotations, JWT utilities, interceptors, a global exception handler, a security context, and a custom argument resolver, complete with test examples and screenshots.
This article explains the fundamentals of token‑based authentication, the drawbacks of fixed token lifetimes, and presents multiple silent‑refresh techniques—including double‑token mechanisms, front‑end timers, server‑side proactive refresh, and concurrency‑safe lock strategies—along with practical code examples and performance considerations for high‑concurrency scenarios.
This article compares JWT and session authentication, discusses their differences, advantages, security and performance considerations, and provides a complete Java implementation with Redis integration, including token generation, validation, renewal, and interceptor configuration for secure backend services.
This article explains the stateless nature of HTTP, compares session‑based and token‑based authentication, describes JWT structure and security considerations, and provides Java code examples for implementing login, token generation, verification, and extraction in a backend application.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session methods, outlines common token security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, secure storage, expiration policies, two‑factor authentication, and safe token refresh—to protect token integrity in modern web applications.
This article explains what JSON Web Tokens are, outlines their typical usage flow, and critically examines their drawbacks such as size overhead, redundant signatures, revocation challenges, stale data, lack of encryption, and broader security concerns.
This article explains the design and implementation of a dual‑token authentication system—short‑lived AccessToken and long‑lived RefreshToken—for WeChat Mini‑Programs, covering token generation, login flow, client‑side handling of 401/403 errors, and best‑practice testing strategies.
This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure RBAC permissions in Spring Security, and provides step‑by‑step Java code for integrating JWT authentication, password encryption, and custom login filters for secure backend development.
This comprehensive tutorial explains RBAC concepts and models, demonstrates basic Spring Security setup, shows how to integrate JWT for stateless authentication, covers JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing full code examples for each step.
This article explains the structure of JSON Web Tokens, outlines common attack vectors such as algorithm confusion, weak keys, replay, and header injection, and provides practical mitigation strategies and a testing checklist with recommended security tools.
JSON Web Token (JWT) is a compact, self‑contained, stateless token that encodes header, payload, and signature in Base64URL, enabling secure, signature‑verified authentication without server‑side session storage, simplifying scaling, supporting cross‑domain use, while offering advantages like lightweight extensibility and drawbacks such as revocation difficulty and secret‑key reliance.
This article explains Apache Shiro’s fundamental components—Subject, SecurityManager, Realm, Session, authentication, authorization, and cryptography—then walks through a complete configuration example, a custom Realm, JWT integration, and a Spring Boot microservice scenario to illustrate secure, stateless authentication and fine‑grained permission control.
WeBlog is a Spring Boot and Vue 3.2 based full‑stack blog that combines a MySQL‑backed backend with JWT authentication, MinIO storage, and a hand‑crafted Element Plus admin UI, offering markdown publishing, analytics dashboards, and open‑source repository links for developers to explore.
This article explains the structure of JSON Web Tokens, enumerates common attack vectors such as algorithm confusion, weak keys, replay, header injection, and provides practical mitigation steps and a step‑by‑step testing methodology with relevant tools and code examples.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, short expiration, two‑factor authentication and safe token refresh mechanisms.
This article demonstrates how to implement fine‑grained permission checks in Spring Boot 3 without using Spring Security, by creating custom HandlerInterceptors, JWT utilities, DAO and service layers, and integrating SpEL expressions for dynamic authorization, complete with code snippets and test results.
This article explains three backend strategies—session‑cookie, token, and JWT—to ensure an account can only be active on one device at a time, detailing the workflow, data structures, and Redis integration needed to implement forced logout across multiple endpoints.
This article explains how JWT provides stateless user authentication while Session adds an extra security layer and state management, detailing their individual roles, reasons for using Session, combined benefits, and includes Java code examples for implementing login and token validation.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay, and forgery, and presents practical measures—including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh—to protect token integrity in modern web applications.
This article explains the distinct roles of JWT and Session in user authentication, why a Session layer is needed alongside JWT, and demonstrates with Java code how to create and validate tokens while managing session state for enhanced security and scalability.
This article explains how to implement invisible token refresh for authentication servers using Spring Boot gateway filters, JWT handling, Axios interceptors, and a client‑side timer, compares client‑ and server‑side approaches, and provides complete code examples and practical recommendations.
This article explains how JWT provides stateless user authentication while Session adds an extra security layer and state management, detailing their respective roles, the reasons for using Session alongside JWT, and offering Java code examples that illustrate their combined implementation.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, proper storage, expiration policies, and two-factor authentication—to safeguard token integrity.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh strategies.
The article explains JWT fundamentals, shows how to integrate it with SpringBoot, compares JWT with a Token‑plus‑Redis approach, and argues why using JWT alone can be problematic in a system that already relies on Redis for session management.
This article explains the concepts of role‑based access control (RBAC), compares RBAC models, shows how to configure permissions and user groups, and provides step‑by‑step code examples for integrating Spring Security with JWT, JSON login, password encryption and database authentication in Java backend applications.
This guide explains the JWT standard, its three‑part structure, the authentication flow, and a double‑token solution using short‑lived access tokens and long‑lived refresh tokens, with full PHP code examples, middleware interception, configuration, and client‑side renewal logic.
This tutorial walks through RBAC fundamentals, model classifications (RBAC0‑3), permission and user‑group concepts, then demonstrates practical Spring Security setups including in‑memory authentication, JWT integration, JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing complete code examples.
The article compares token‑based authentication options for Java microservices—stateless JWTs, OAuth 2.0 with access and refresh tokens, a centralized API‑gateway authority, and internal service‑to‑service schemes—guiding readers on selecting the best approach according to security, scalability, and business needs.
This article explains traditional session‑based authentication, introduces JWT and JJWT usage with Java code examples, and compares two microservice authentication designs—service‑side verification and API‑gateway unified verification—while discussing their trade‑offs, challenges, and practical implementation tips.
This article explains how to implement seamless, invisible token refresh for authentication systems, covering client‑side strategies using Axios interceptors and timers, server‑side gateway filters with Spring Boot, code examples for detecting token expiration, obtaining new tokens, and choosing between client and server approaches based on security and performance considerations.
This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure Spring Security for in‑memory and JWT‑based authentication, and provides complete Java code examples for permissions, user groups, password encryption, and custom login filters.
The article explains how HTTP’s stateless nature requires session or token mechanisms for preserving user state, compares session‑based and JWT token authentication, details JWT structure, and provides Java code examples for generating, verifying, and extracting token information, while also promoting related services.
This article explains what JSON Web Tokens are, outlines their typical workflow, and critically examines their drawbacks—including size overhead, redundant signatures, revocation challenges, lack of encryption, and broader security concerns—before concluding with practical recommendations for their use.
