JWT in HTTP-Only Cookies
Sign JWTs and store them in HTTP-only cookies to prevent XSS token theft.
JWT Basics
JSON Web Tokens are self-contained tokens carrying claims signed by your server.
Why JWT
JWTs avoid server-side session storage. The token itself proves identity.
All lessons in this course
- Cookie-Based Sessions
- JWT in HTTP-Only Cookies
- Protected Routes in handle() Hook
- OAuth with SvelteKit and Lucia Auth