0Pricing
Sveltejs Academy · Lesson

JWT in HTTP-Only Cookies

Sign JWTs and store them in HTTP-only cookies to prevent XSS token theft.

JWT Basics

JSON Web Tokens are self-contained tokens carrying claims signed by your server.

Why JWT

JWTs avoid server-side session storage. The token itself proves identity.

All lessons in this course

  1. Cookie-Based Sessions
  2. JWT in HTTP-Only Cookies
  3. Protected Routes in handle() Hook
  4. OAuth with SvelteKit and Lucia Auth
← Back to Sveltejs Academy