Imran Tech in imrantech.hashnode.dev · 4d ago · 8 min read
JWT Authentication Confused Me. Then I Built It From Scratch.
The Honest Starting Point: When my tech lead told me to implement JWT for our HRMS portal with refresh token rotation for our HRMS portal, I nodded confidently and immediately opened Google. I had a ro

shivam kumar in mindofmine.hashnode.dev · 5d ago · 4 min read
Access Tokens vs Refresh Tokens: The Missing Piece Most JWT Tutorials Don't Explain
When I first learned JWT authentication in MERN, I understood how to generate a token after login. What I didn't understand was why we need both an Access Token and a Refresh Token. If a user is alrea

AYESHA ZAFREEN S in ayeshaa.hashnode.dev · Jun 20 · 12 min read
I Built a Role-Based Approval System From Scratch — Here's Why One Login Page Took Me Three Architecture Rewrites
By Ayesha Zafreen S | 3rd Year CS-IoT Student | Sri Sairam Engineering College. The Question That Started Everything: "Can users register themselves on the portal?" Simple question. I almost said yes w

Dibyadipan Bhattacharya in dibyadipan.hashnode.dev · Jun 20 · 5 min read
Session Revocation and Replay Detection with Redis
When a user clicks "Logout from all devices," you need to instantly invalidate every active session they have. If you built your authentication with purely stateless JWTs, you cannot do this. You have

Shubham Kumar Singh in blog.realdev.club · Jun 13 · 47 min read
Building a Mini Centralized Exchange (CEX) with Bun, TypeScript, Redis, and PostgreSQL
Functional Requirements of a Centralized Exchange: Before implementing the matching engine, let's understand how a real centralized exchange works and what functionality we need to support. What is a C

Raj Nagulapalle in fetchsandbox.hashnode.dev · Jun 9 · 2 min read
Clerk JWT 401 on the server? Check these 3 env vars first
A Clerk login can look fine in the browser and still fail on your server with a 401. The frontend has a user. getToken() returns something. The request includes: Authorization: Bearer <token> Then Fa

Yogesh Peela in exploitnotes.hashnode.dev · Jun 8 · 4 min read
Iceman - dalCTF 2026
Flag: dalctf2026{open-ticket-send-me-ur-fav-song-in-album6} Category: Web / GraphQL / JWT. Overview: A music-themed GraphQL API protected by JWT-based tier access control. The goal was to escalate from

Aryan Kumar in blog-aryan-dev.hashnode.dev · Jun 7 · 7 min read
Sessions vs JWT vs Cookies: Understanding Authentication Approaches
Authentication is one of those topics where almost every beginner is confused, because there are multiple methods to authenticate a user. You heard multiple things such as Cookies, Session, JWT, St

Moksh Gupta in moksh45.hashnode.dev · Jun 5 · 3 min read
JWT Tokens Security Guide - What Every Developer Must Know
JWTs are everywhere in modern web apps - authentication headers, API access control, session management. But using them incorrectly is one of the most common security mistakes developers make. This gu

prashant singh in grasshopper.hashnode.dev · Jun 3 · 2 min read
JWT Demystified
Intro: If you have ever integrated Spring Security, worked with Keycloak, or built microservices with OAuth 2.0 — you have used JWTs. But most developers treat them as a black box. They copy the confi