This content originally appeared on DEV Community and was authored by Jahongir Sobirov
Let's use JWT instead of session in Node js for making web apps. Ok firstly we should install all package for our app. We need express.js and auth-verify
-
express.jsfor handling with web app -
auth-verifyfor making JWT and verifying it
So, we should make our project file and install necessary libraries
mkdir jwt-app && cd jwt-app
npm install express auth-verify
Ok, now we should create our index.js file:
const express = require('express');
const AuthVerify = require('auth-verify');
const app = express();
const auth = new AuthVerify({jwtSecret: 'supersecret', storeTokens: 'memory'}); // if you have redis you can save your tokens in redis
Now we will make JWT token when user/client visits to our web app.
app.get('/', async (req, res)=>{
const payload = {id:1, role: 'user'} // it's payload of JWT
await auth.jwt.sign(payload, '10m', { res }); // '10m' means expiry time of jwt
res.send('JWT saved');
});
app.listen(3000, ()=>{
console.log('Server listening!'); // Our app is running on localhost:3000
});
With auth-verify we can save it automatically without any manual steps. For automatically saving you should use { res }. {res} means that when client sends request to server. Server reply with response and auth-verify can get JWT token from this request.
Now check our web app:
And for verifiying the user/client we will create localhost:3000/verify page. So it should be like this:
app.get("/verify", async (req, res) => {
try {
const data = await auth.jwt.verify(req); // auto reads from cookie
res.json({ valid: true, data });
} catch (err) {
res.json({ valid: false, error: err.message });
}
});
And with req auth-verify can get JWT token from client request and can verify it. And ifJWT token verified the result should be like this:
So everything is working!🥹
Full code of our web app:
const express = require('express');
const AuthVerify = require('auth-verify');
const app = express();
const auth = new AuthVerify({jwtSecret: 'supersecret', storeTokens: 'memory'});
app.get('/', async (req, res)=>{
const payload = {id:1, role: 'user'}
await auth.jwt.sign(payload, '10m', {res});
res.send('JWT saved');
});
app.get("/verify", async (req, res) => {
try {
const data = await auth.jwt.verify(req); // auto reads from cookie
res.json({ valid: true, data });
} catch (err) {
res.json({ valid: false, error: err.message });
}
});
app.listen(3000, ()=>{
console.log('Server listening!');
});
So we can conclude our article with that the main difference between JWT token and sessions while session are saved to server, JWT tokens are saved to clients!
This content originally appeared on DEV Community and was authored by Jahongir Sobirov
Jahongir Sobirov | Sciencx (2025-10-22T15:18:48+00:00) How to use JWT instead of sessions in Node js. Retrieved from https://www.scien.cx/2025/10/22/how-to-use-jwt-instead-of-sessions-in-node-js-2/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.