Setting cookie to save access token in our React JS app with Laravel API | React, Laravel 

Most welcome

Will check

Yes, we can expire the cookies based on their expiry time. That's an advantage

Difficult to tell without the code

too old so archiving

As far as I know, to store cookies you will need to use some package. You can use universal-cookies or js-cookies etc. But yes, I am sure some kind of package is required. Unless of course you want to use Native browser API and know how to do that.

Ok, I will also have to check. Generally, I have always kept a short lived token hence never used refresh token. Will check

Looked at the github code, yes it does serialise the data before setting the cookie

Yes, why not

@@amitavroydev Thanks for reply. Laravel saying SPA authentication will be cookie based and the mobile authentication is token based. I think there is some hacks that every one will know by your tutorial. Thanks again for your good work ❤

See mobile apps don't have the ability to drop cookies, so they will use tokens while web apps will continue to use the cookie based approach. Sanctum allows both

Yes, Laravel does offer you to change the default field from email to something else. You just need to customise the login controller. Check this link laravel.com/docs/7.x/authentication#included-authenticating Section is username customisation

@@amitavroydev How difficult is it to create a registration form and get it working with the laravel API? I find many different tutorials, but no idea what the correction method is.

Things have changed a lot

Send it to other files as in? You have set the data in the cookie. So from now on where ever you want to send the token, you can read the token from the cookie and then attach it to the header. That's the flow.

@@amitavroydev thanks that's helpful. Apart from token i'm sending logged in user ID in response which i'm gonna use in other component. i'm having difficulty to send this specific ID to other component files.

Yes, you are correct. There is a flaw that someone can change value and bypass the login screen and land up on the home page. And, he will see some basic design elements as well. However, the user will not be able to see any data. The reason is when we make an API call, at that point the token is validated. It's a safe tradeoff I feel.

@@amitavroydev How is that user not able to see data? And does Laravel have a way to validate the token, which we can call with an api?

@@mijnnaamisramon Laravel validates the token or what's the point of all authentication thing?

@@EdwinManual I switched from Auth to Laravel Sanctum, it was much more suited for my situation.

If your requirements are getting filled by cookies then yes, it's a good option

Store it in cookie. That's the best approach

@@amitavroydev How would you get the right data? the login response only give the email and the password. Or do you get the rest of the data by making an API call where you search for the user with the same email address?

Ideally, you can create an API which returns the entire object of the current logged in user. That way, the app can query that API and get the data anytime it wants to

@@amitavroydev Okay, i will try that. Thank you very much for your help!

Most welcome

When a session starts, it is created with an expiry

When I was doing this video, I was not very comfortable with functional components. However, now if you look at the latest videos, I have switched to functional components. And, I really like the simplicity. However, just one thing - it won't matter a lot whether you use a class based component or a functional component. It's just another way of doing thing.

@@amitavroydev Just one more thing. Someone has already mentioned about that. I do feel bit lack of explanation. Just a feedback. :) Will you be doing react redux aysnc API call as well?

Thanks for the honest feedback. I will try to ensure that my explanation are more elaborate. In regards to redux - I have not worked with it and hence, I first need to explore it myself.

Open as in? You want to add that flag?

Ok, why so? And if not cookies, then where do you want to store it?

Updated the description with the git repo link