<h1 id="what-is-token-based-authentication">What is Token-Based Authentication?<a aria-hidden="true" class="anchor-heading icon-link" href="#what-is-token-based-authentication"></a></h1>
<blockquote>
<p><a href="https://www.permit.io/blog/what-is-token-based-authentication/">https://www.permit.io/blog/what-is-token-based-authentication/</a></p>
</blockquote>
<h2 id="why-not-password-and-sessions">Why Not Password and Sessions?<a aria-hidden="true" class="anchor-heading icon-link" href="#why-not-password-and-sessions"></a></h2>
<ol>
<li><strong>Scalability</strong>: Managing session states across multiple servers or microservices can be time-consuming and inefficient.</li>
<li><strong>Performance</strong>: Constantly verifying session information with each request adds overhead, impacting application performance.</li>
<li><strong>Security Risks</strong>: Sessions can be vulnerable to various attacks, such as session hijacking and cross-site scripting (XSS).</li>
</ol>
<p>Token-based authentication addresses these issues by offering a <strong>stateless approach</strong>. Each token encapsulates the user's identity and permissions, eliminating the need for the server to maintain the session state. This approach doesn’t just simplify the architecture but also enhances security.</p>
<h2 id="challenges-in-using-tokens"><strong>Challenges in Using Tokens</strong><a aria-hidden="true" class="anchor-heading icon-link" href="#challenges-in-using-tokens"></a></h2>
<p>While token-based authentication offers numerous advantages, it also comes with its own challenges that developers must navigate.</p>
<ol>
<li><strong>Token Management</strong>: Securely storing and managing tokens, especially refresh tokens, is crucial. Poorly managed tokens can become a security liability.</li>
<li><strong>Token Expiration</strong>: Implementing and handling token expiration requires careful thought to balance security and user experience.</li>
<li><strong>Scalability and Performance</strong>: In high-traffic systems, validating tokens for each request can become a performance bottleneck.</li>
<li><strong>Cross-Domain/Cross-Origin Issues</strong>: When tokens are used across different domains, developers need to handle potential CORS (Cross-Origin Resource Sharing) issues.</li>
</ol>

What is Token-Based Authentication?


Hi there 👋. I'm a Front-end developer.

---

> I've often described my motivation for building software to others using imagery: I like to go find a secluded beach, build a large, magnificent sand castle, and then walk away. Will anyone notice? Probably not. Will the waves eventually destroy it? Yep. Did I still get immense satisfaction? Absolutely. — [aliasxneo](https://news.ycombinator.com/item?id=41497113)

> Simplicity, even if it sacrifices some ideal functionality has better survival characteristics than the-right-thing. — [The Rise of Worse is Better](https://www.dreamsongs.com/RiseOfWorseIsBetter.html)

> We love to see the process, not just the result. The imperfections in your work can be beautiful if they show your struggle for perfection, not a lack of care. — [ralphammer](https://ralphammer.com/is-perfection-boring/)

> [Roberto Blake was talking about making 100 crappy videos](https://www.youtube.com/watch?v=OnUBaQ1Sp_E) to get better over time. Putting in the reps and improving a little bit each time.
>
> Putting in the work without expecting any external reward at first (eg views, followers, likes, etc) will pay off in the long run. — [100 Scrappy Things](https://www.florin-pop.com/blog/100-scrappy-things/)

> A good match is a **structured** dance, where players aim to **score** while they are following well-defined **rules**. This **freedom within a structure** is what makes it fun. — [ralphammer](https://ralphammer.com/how-to-get-started/)

> “Motivation often comes after starting, not before. Action produces momentum.” — James Clear

> Focus is more about **not** keeping busy when you need to wait for something.  
> Eat the boredom for a minute.
>
> — [[life-tips#wodenokoto]]

> [4 minutes run hard enough to push heart rate to 90%, 3 minutes recover, repeat 4 times](https://news.ycombinator.com/item?id=34213181)
>
> - https://www.ntnu.edu/cerg/advice
> - [Get running with Couch to 5K](https://www.nhs.uk/live-well/exercise/running-and-aerobic-exercises/get-running-with-couch-to-5k/)

> [recommended routine - bodyweightfitness](https://www.reddit.com/r/bodyweightfitness/wiki/kb/recommended_routine/) - I Don't Have This Much Time!
>
> - Don't workout at all (saves anywhere from 20 to 60 minutes, but really, really, really, really, really, really, really, really, really not recommended)

> 도무지 읽히지 않는 책 앞에서 내가 택한 방법은 펼쳐진 페이지 앞에서 멍때리기이다. 다르게 표현하면 이렇다. 펼쳐진 두 페이지 앞에서 오래 머물기.
>
> 책을 펼쳐놓는 것으로 충분하다. 읽지 못해도 좋다. 매일 정해진 진도를 나가야 하는 학교 수업이 아니니까. 하지만 읽지 않아도 괜찮다고 해서 펼쳐두지조차 않으면 곤란하다. 가능한 한 자주 책을 펼쳐두도록 하자. 전혀 읽지 않고 멍하니 바라보고 있다가 다시 덮게 되더라도
> — 막막한 독서. 시로군. P.10~13

> I think it should be everyone's primary focus to sleep well, drink water, get outside, get active, and eat generally decently. I hate to say it, but if you're not eating a good amount of vegetables and fruit, decent protein, sleep, etc, no amount of XYZ will catch up to that detriment. — [CE02](https://news.ycombinator.com/item?id=35056071)

> My real battle is doing good versus doing nothing. — [Deirdre Sullivan](https://www.npr.org/2005/08/08/4785079/always-go-to-the-funeral)

> Sometimes magic is just someone spending more time on something than anyone else might reasonably expect. — [Teller](https://www.goodreads.com/quotes/6641527-sometimes-magic-is-just-someone-spending-more-time-on-something)

> Before leaving for the day I leave a comment in code: I’m working on this, need to do A, B C… to get it working. — [makz](https://news.ycombinator.com/item?id=40744916)

---

## What I read in past

- [[What I read in 2025|journal.what-i-read-in.2025]]
  - [[2024|journal.what-i-read-in.2024]]
  - [[2023|journal.what-i-read-in.2023]]
  - [[2022|journal.what-i-read-in.2022]]
- 📝 [Gists](https://gist.github.com/Luke-SNAW)
- 📜 [Journals](https://luke-snaw.github.io/Luke-SNAW__netlify-CMS.github.io/)

---

- [[journal.what-i-struggled-brag-in]]
