Posted on

Why Is Redux State Immutable?

For Redux to work correctly, the state must be immutable. This means that whenever we update the Redux state, we have to create a copy of the whole state and set values to fields we want to change. In code, this usually looks like this:

JavaScript
  
let newState = {
    ...oldState,
    field1: {
        ...oldState.field1,
        field2: "someNewValue"
    },
}


Posted on

Express-session vs SuperTokens For Handling User Sessions

This article will be comparing SuperTokens to Node’s most popular session management library – express-session. The comparison will be done using a point system, where a point will be awarded to a library’s score if it performs well in a given metric. Here are the metrics we will be using:


  • Security: This is especially relevant because we’re talking about user session management.
  • Scalability: Time and space costs. This is relevant because most API calls require session authentication.
  • Reliability and Correctness: It is imperative that the library takes care of technical issues like keeping its state consistent despite network or server failures and taking care of synchronizing its logic in a clustered environment.
  • App User experience: We want to use a library that can provide the right experience for your app users – for example, does the library enable a user to be logged in for weeks or months whilst also providing good security?
  • Time to production: We will look at factors such as time to integrate the library into an app, available support, and ease of understanding of the library code.
  • Maintenance costWe will assess costs for runtime (RAM and processing power) and internal and external monetary costs.


Posted on

OAuth 2.0 vs Session Management

There seems to be a lot of misinformation on when OAuth 2.0 (henceforth referred to as OAuth) is appropriate for use. A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol/set of technologies. This, in turn, leads to security issues. This article will clarify when to use regular session management solutions and when to use any one of the OAuth flows.

The Most Important Difference

Ideally, we would like all authenticated communication to be long lived (to provide the best user experience). The difference between user session management and OAuth is the level of trust between the communicating parties.